Reference: Fault Detection and Network Security in Software-Defined Networks with OpenFlow
Dissertations and theses: Doctoral thesis
Engineering, computing & technology: Computer science
http://hdl.handle.net/10993/16375
Fault Detection and Network Security in Software-Defined Networks with OpenFlow
English
Hommes, Stefan
25-Mar-2014
University of Luxembourg, Luxembourg, Luxembourg
Docteur en Informatique
130
Engel, Thomas
State, Radu
Clemm, Alexander
Sorger, Ulrich
Herfet, Thorsten
[en] Software-Defined Networking; OpenFlow; Network Security
[en] Due to the rigid architecture of most switches and routers, which provide functionality only for a certain application scenario, the flexibility of deploying new network functions is limited. The advent of programmable networks, described as Software-Defined Networking (SDN), allows the extension and control of networks based on a flexible control plane, which is implemented in software and acts as a network operating system with network applications running on top of it. In this thesis we focussed on SDN based on the concept of the OpenFlow protocol. In order to deploy such networks in operational environments and datacentres, the challenges concerning network management still lack a sufficient analysis; they are investigated further in this thesis, which examines the reliability and maintainability of SDN, as well as the new security issues that are introduced with this architecture. The second contribution of this thesis is to provide solutions to some of the addressed challenges, with a focus on fault detection and network security.

With regard to fault detection, we discuss the information content and monitoring aspects of flow entries that are located on the network devices but are managed from the network controller. This involves applying methods from information theory to determine faults and attacks by observing the logical topology, and correlation facilities to determine errors that relate to the data plane.

In network security, current approaches mostly rely on security appliances that are deployed at different locations in the network. We analyse the extent to which SDN can be leveraged to provide new ways of thwarting network attacks, and investigate the possibilities for controller-based packet inspection to detect malicious communications in the network. This includes the extraction of hidden communication patterns originating from a stealthy backdoor.

The freedom of extending controller software to meet new network service requirements comes at a high cost. Since the reliability of the network must be assured, tools are required to debug and test the software after each alteration step. We propose a solution that instruments network applications with additional code for logging purposes, guaranteeing certain correctness properties. In combination with a database system, our framework can be leveraged to allow network debugging or anomaly detection.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR
Researchers; Professionals; Students