Byzantine-resilient secure software-defined networks with multiple controllers in cloud

He Li, Peng Li, Song Guo, Amiya Nayak

Research output: Journal article publicationJournal articleAcademic researchpeer-review

75 Citations (Scopus)


Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for the network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers, not just a single as in a traditional manner, with the dynamic and isolated instance provided by the cloud. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we study a controller minimization problem with security requirement and propose a cost-efficient controller assignment algorithm with a constant approximation ratio. From the experiment result, the secure SDN structure has little impact on the network latency, provide better security than general distributed controller, and the proposed algorithm performs higher efficiency than random assignment.
Original languageEnglish
Article number6893017
Pages (from-to)436-447
Number of pages12
JournalIEEE Transactions on Cloud Computing
Issue number4
Publication statusPublished - 1 Jan 2014
Externally publishedYes


  • approximation algorithm
  • Byzantine attack
  • cloud computing
  • Software-defined network

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this