Semantic security methods for software-defined networks
Modelirovanie i analiz informacionnyh sistem, Volume 24 (2017) no. 6, pp. 755-759.

See the article record from the source Math-Net.Ru

Software-defined networking is a promising technology for constructing communication networks in which network management is performed by software that configures the network devices. This contrasts with the traditional approach, in which network behaviour is updated by manually uploading configuration to the devices under control. The software controller allows routing inside the network to be configured dynamically depending on the quality of service. However, there must be a proof ensuring that every network flow is secure. For example, a security policy can be defined as follows: confidential nodes cannot send data to the public segment of the network. The paper shows how this problem can be solved by using a semantic security model. We propose a method for constructing a semantics that captures the security properties the network must satisfy. This involves a specification that states the allowed and forbidden network flows. The specification is then modeled as a decision tree, which may be reduced. We use the decision tree to construct a semantics that captures the security requirements. The semantics can be implemented as a module of the controller software, so the correctness of the control plane of the network can be ensured on the fly.
Keywords: security, semantics, software-defined networks.
@article{MAIS_2017_24_6_a7,
     author = {E. Yu. Antoshina and D. Ju. Chalyy},
     title = {Semantic security methods for software-defined networks},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {755--759},
     publisher = {mathdoc},
     volume = {24},
     number = {6},
     year = {2017},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2017_24_6_a7/}
}
E. Yu. Antoshina; D. Ju. Chalyy. Semantic security methods for software-defined networks. Modelirovanie i analiz informacionnyh sistem, Volume 24 (2017) no. 6, pp. 755-759. http://geodesic.mathdoc.fr/item/MAIS_2017_24_6_a7/
