Abstract
Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for the network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers, not just a single as in a traditional manner, with the dynamic and isolated instance provided by the cloud. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we study a controller minimization problem with security requirement and propose a cost-efficient controller assignment algorithm with a constant approximation ratio. From the experiment result, the secure SDN structure has little impact on the network latency, provide better security than general distributed controller, and the proposed algorithm performs higher efficiency than random assignment.
Original language | English |
---|---|
Article number | 6893017 |
Pages (from-to) | 436-447 |
Number of pages | 12 |
Journal | IEEE Transactions on Cloud Computing |
Volume | 2 |
Issue number | 4 |
DOIs | |
Publication status | Published - 1 Jan 2014 |
Externally published | Yes |
Keywords
- approximation algorithm
- Byzantine attack
- cloud computing
- Software-defined network
ASJC Scopus subject areas
- Software
- Information Systems
- Hardware and Architecture
- Computer Science Applications
- Computer Networks and Communications