Wang, Haopei (2018-08). Towards Robust, Accountable and Multitenancy-Friendly Control Plane in Software-Defined Networks. Doctoral Dissertation.

abstract

  • Software-Defined Networking (SDN) has quickly emerged as a promising new technology for future networks. Its decoupling of the logically centralized control plane from the data plane makes network management more flexible. However, several recent trends in computer networks bring new challenges to SDN. First, with the rapid expansion of computer networks, there will be many more network events along with a large volume of network traffic, which brings a scalability issue to the SDN control plane. The scalability issue could bring even more challenging security threats. Second, the third-party applications in the SDN control plane are becoming more complex and prone to bugs/vulnerabilities. However, existing network diagnosis tools cannot be directly applied to SDN since they cannot reason about the root causes within the buggy/vulnerable application. Third, many enterprise networks are migrating to Infrastructure-as-a-Service (IaaS) clouds. However, existing IaaS clouds only allow the cloud administrator to enjoy the benefit of SDN. The cloud tenants are not able to use SDN in the clouds due to several security and privacy issues. Motivated by these challenges, we aim to add several new features to the SDN control plane. Our target is to design a secure SDN control plane which is: 1) robust, to handle spikes of data plane events and even flooding attacks; 2) accountable, to give records and explanations of how the flow control decisions have been made to help the diagnosis of networking problems; and 3) multitenancy-friendly, to allow multitenancy management of network functions in Infrastructure-as-a-Service clouds.
    In this dissertation work, we propose three extensions to the SDN control plane to provide these three new features. To make the SDN control plane robust, we design a scalable, efficient, lightweight, and protocol-independent defense framework for SDN networks to prevent the data-to-control plane saturation attack. To make the SDN control plane accountable, we provide fine-grained forensics and diagnosis functions in SDN networks. To make the SDN control plane multitenancy-friendly, we introduce a new cloud usage paradigm: Bring Your Own Controller (BYOC), which offers each tenant an individual SDN controller, where tenants can deploy SDN applications to manage their network. We also propose how to design a new SDN control plane from scratch by integrating the three extensions. The evaluation results show that our solution can meet the needs and achieve a secure SDN framework.

publication date

  • August 2018