skip to main content
research-article

Secure and Reliable Network Updates

Published:09 November 2022Publication History
Skip Abstract Section

Abstract

Software-defined wide area networking (SD-WAN) enables dynamic network policy control over a large distributed network via network updates. To be practical, network updates must be consistent (i.e., free of transient errors caused by updates to multiple switches), secure (i.e., only be executed when sent from valid controllers), and reliable (i.e., function despite the presence of faulty or malicious members in the control plane), while imposing only minimal overhead on controllers and switches.

We present SERENE: a protocol for secure and reliable network updates for SD-WAN environments. In short: Consistency is provided through the combination of an update scheduler and a distributed transactional protocol. Security is preserved by authenticating network events and updates, the latter with an adaptive threshold cryptographic scheme. Reliability is provided by replicating the control plane and making it resilient to a dynamic adversary by using a distributed ledger as a controller failure detector. We ensure practicality by providing a mechanism for scalability through the definition of independent network domains and exploiting the parallelism of network updates both within and across domains. We formally define SERENE’s protocol and prove its safety with regards to event-linearizability. Extensive experiments show that SERENE imposes minimal switch burden and scales to large networks running multiple network applications all requiring concurrent network updates, imposing at worst a 16% overhead on short-lived flow completion and negligible overhead on anticipated normal workloads.

REFERENCES

  1. [1] Mahajan Ratul and Wattenhofer Roger. 2013. On consistent updates in software defined networks. In Proceedings of the 12th ACM Workshop on Hot Topics in Networks. 7 pages. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. [2] Hong Chi-Yao, Kandula Srikanth, Mahajan Ratul, Zhang Ming, Gill Vijay, Nanduri Mohan, and Wattenhofer Roger. 2013. Achieving high utilization with software-driven WAN. In Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM. 1526. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. [3] Reitblatt Mark, Foster Nate, Rexford Jennifer, Schlesinger Cole, and Walker David. 2012. Abstractions for network update. In Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication. 323334. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. [4] Brandt Sebastian, Foerster Klaus-Tycho, and Wattenhofer Roger. 2017. Augmenting flows for the consistent migration of multi-commodity single-destination flows in SDNs. Pervasive and Mobile Computing 36 (2017), 134150. DOI:Special Issue on Pervasive Social Computing.Google ScholarGoogle ScholarCross RefCross Ref
  5. [5] Luo Long, Yu Hongfang, Luo Shouxi, and Zhang Mingui. 2015. Fast lossless traffic migration for SDN updates. In Proceedings of the 2015 IEEE International Conference on Communications. 58035808. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  6. [6] Foerster Klaus-Tycho and Wattenhofer Roger. 2016. The power of two in consistent network updates: Hard loop freedom, easy flow migration. In Proceedings of the 25th International Conference on Computer Communication and Networks. 19. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  7. [7] Berde Pankaj, Gerola Matteo, Hart Jonathan, Higuchi Yuta, Kobayashi Masayoshi, Koide Toshio, Lantz Bob, O’Connor Brian, Radoslavov Pavlin, Snow William, and Parulkar Guru. 2014. ONOS: Towards an open, distributed SDN OS. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. 16. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. [8] Koponen Teemu, Casado Martin, Gude Natasha, Stribling Jeremy, Poutievski Leon, Zhu Min, Ramanathan Rajiv, Iwata Yuichiro, Inoue Hiroaki, Hama Takayuki, and Shenker Scott. 2010. Onix: A distributed control platform for large-scale production networks. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. 351364.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. [9] Katta Naga, Zhang Haoyu, Freedman Michael, and Rexford Jennifer. 2015. Ravana: Controller fault-tolerance in software-defined networking. In Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research. 12 pages. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. [10] Li He, Li Peng, Guo Song, and Nayak Amiya. 2014. Byzantine-resilient secure software-defined networks with multiple controllers in cloud. IEEE Transactions on Cloud Computing 2, 4 (2014), 436447. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  11. [11] Sakic Ermin, Deric Nemanja, and Kellerer Wolfgang. 2018. MORPH: An adaptive framework for efficient and byzantine fault-tolerant SDN control plane. IEEE Journal on Selected Areas in Communications 36, 10 (2018), 21582174. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. [12] Lamport Leslie, Shostak Robert, and Pease Marshall. 1982. The byzantine generals problem. ACM Transactions on Programming Languages and Systems 4, 3 (1982), 382401. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. [13] Castro Miguel and Liskov Barbara. 1999. Practical byzantine fault tolerance. In Proceedings of the 3rd Symposium on Operating Systems Design and Implementation. 173186.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. [14] Bessani Alysson, Sousa João, and Alchieri Eduardo E. P.. 2014. State machine replication for the masses with BFT-SMaRt. In Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 355362. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. [15] Hsu Kuo-Feng, Beckett Ryan, Chen Ang, Rexford Jennifer, and Walker David. 2020. Contra: A programmable system for performance-aware routing. In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation. 701721.Google ScholarGoogle Scholar
  16. [16] Jin Xin, Liu Hongqiang Harry, Gandhi Rohan, Kandula Srikanth, Mahajan Ratul, Zhang Ming, Rexford Jennifer, and Wattenhofer Roger. 2014. Dynamic scheduling of network updates. In Proceedings of the 2014 Conference of the ACM Special Interest Group on Data Communication. 539550. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. [17] Dang Huynh Tu, Sciascia Daniele, Canini Marco, Pedone Fernando, and Soulé Robert. 2015. NetPaxos: Consensus at network speed. In Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research.7 pages. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. [18] Kate Aniket. ([n. d.]). Distributed Key Generator. Retrieved 7 Dec., 2020 from https://crysp.uwaterloo.ca/software/DKG/.Google ScholarGoogle Scholar
  19. [19] Doudou Assia, Garbinato Benoît, Guerraoui Rachid, and Schiper André. 1999. Muteness failure detectors: Specification and implementation. In Proceedings of the 3rd European Dependable Computing Conference on Dependable Computing. 7187. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  20. [20] Zhou Wenchao, Fei Qiong, Narayan Arjun, Haeberlen Andreas, Loo Boon Thau, and Sherr Micah. 2011. Secure network provenance. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles. 295310. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. [21] ([n. d.]). Ryu SDN Framework. Retrieved 7 Dec., 2020 from http://osrg.github.io/ryu.Google ScholarGoogle Scholar
  22. [22] Lembke James, Ravi Srivatsan, Eugster Patrick, and Schmid Stefan. 2020. RoSCo: Robust updates for software-defined networks. IEEE Journal on Selected Areas in Communications 38, 7 (2020), 13521365. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  23. [23] Lynn Ben. ([n. d.]). The Pairing Based Cryptography Library. Retrieved 7 Dec., 2020 from https://crypto.stanford.edu/pbc/.Google ScholarGoogle Scholar
  24. [24] ([n. d.]). OpenFlow Discovery Protocol. Retrieved 7 Dec., 2020 from https://groups.geni.net/geni/wiki/OpenFlowDiscoveryProtocol.Google ScholarGoogle Scholar
  25. [25] Internet2 Community. Retrieved 20 Feb., 2021 https://internet2.edu.Google ScholarGoogle Scholar
  26. [26] Lembke James, Ravi Srivatsan, Roman Pierre-Louis, and Eugster Patrick. 2020. Consistent and secure network updates made practical. In Proceedings of the 21st International Middleware Conference. 149162. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. [27] Open Networking Foundation. 2015. OpenFlow Switch Specification. v1.5.1.Google ScholarGoogle Scholar
  28. [28] Azzouni Abdelhadi, Boutaba Raouf, Trang Nguyen Thi Mai, and Pujolle Guy. 2018. sOFTDP: Secure and efficient openflow topology discovery protocol. In Proceedings of the 2018 IEEE/IFIP Network Operations and Management Symposium. 17. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. [29] Chandrasekaran Balakrishnan and Benson Theophilus. 2014. Tolerating SDN application failures with LegoSDN. In Proceedings of the 13th ACM Workshop on Hot Topics in Networks. 17. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. [30] Shin Seungwon, Song Yongjoo, Lee Taekyung, Lee Sangho, Chung Jaewoong, Porras Phillip, Yegneswaran Vinod, Noh Jiseong, and Kang Brent Byunghoon. 2014. Rosemary: A robust, secure, and high-performance network operating system. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 7889. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. [31] Yeganeh Soheil Hassas and Ganjali Yashar. 2016. Beehive: Simple distributed programming in software-defined networks. In Proceedings of the Symposium on SDN Research. 112. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. [32] Dargin Mark. ([n. d.]). Secure your SDN controller. Retrieved 1 Jan., 2021 from https://www.networkworld.com/article/3245173/secure-your-sdn-controller.html.Google ScholarGoogle Scholar
  33. [33] Hogg Scott. ([n. d.]). SDN Security Attack Vectors and SDN Hardening. Retrieved 1 Jan., 2021 from https://www.networkworld.com/article/2840273/sdn-security-attack-vectors-and-sdn-hardening.html.Google ScholarGoogle Scholar
  34. [34] Asturias Diego. ([n. d.]). 9 Types of Software Defined Network attacks and how to protect from them. Retrieved 1 Jan., 2021 from https://www.routerfreak.com/9-types-software-defined-network-attacks-protect/.Google ScholarGoogle Scholar
  35. [35] Brooks Michael and Yang Baijian. 2015. A man-in-the-middle attack against opendaylight SDN controller. In Proceedings of the 4th Annual ACM Conference on Research in Information Technology. 4549. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. [36] Dover Jeremy M.. 2013. A denial of service attack against the open floodlight SDN controller. Dover Networks LCC, Edgewater, MD (2013). Retrieved 1 Jan., 2021 http://dovernetworks.com/wp-content/uploads/2013/12/OpenFloodlight-12302013.pdf.Google ScholarGoogle Scholar
  37. [37] ([n. d.]). OpenFlow PacketOut. Retrieved 7 Dec., 2020 from http://flowgrammable.org/sdn/openflow/message-layer/packetout/.Google ScholarGoogle Scholar
  38. [38] Lee Seungsoo, Yoon Changhoon, and Shin Seungwon. 2016. The smaller, the shrewder: A simple malicious application can kill an entire SDN environment. In Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. 2328. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. [39] ([n. d.]). Policy Framework for ONOS. Retrieved 7 May, 2020 from https://wiki.onosproject.org/display/ONOS/POLICY+FRAMEWORK+FOR+ONOS.Google ScholarGoogle Scholar
  40. [40] Bosshart Pat, Daly Dan, Gibb Glen, Izzard Martin, McKeown Nick, Rexford Jennifer, Schlesinger Cole, Talayco Dan, Vahdat Amin, Varghese George, and Walker David. 2014. P4: Programming protocol-independent packet processors. SIGCOMM Computer Communication Review 44, 3 (2014), 8795. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. [41] ([n. d.]). OpenDaylight Group Based Policy. Retrieved 1 Jan., 2021 from https://docs.opendaylight.org/en/stable-fluorine/user-guide/group-based-policy-user-guide.html.Google ScholarGoogle Scholar
  42. [42] Karakus Murat and Durresi Arjan. 2017. A survey: Control plane scalability issues and approaches in software-defined networking (SDN). Computer Networks 112 (2017), 279293. DOI: http://dx.doi.org/0.1016/j.comnet.2016.11.017Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. [43] Thai Peter and Oliveira Jaudelice C. de. 2013. Decoupling policy from routing with software defined interdomain management: Interdomain routing for SDN-based networks. In Proceedings of the 2013 22nd International Conference on Computer Communication and Networks. 16. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  44. [44] Roy Arjun, Zeng Hongyi, Bagga Jasmeet, Porter George, and Snoeren Alex C.. 2015. Inside the social network’s (datacenter) network. In Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication. 123137. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. [45] Gude Natasha, Koponen Teemu, Pettit Justin, Pfaff Ben, Casado Martín, McKeown Nick, and Shenker Scott. 2008. NOX: Towards an operating system for networks. SIGCOMM Computer Communication Review 38, 3 (2008), 105110. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. [46] ([n. d.]). Cisco Open SDN Controller. Retrieved 7 May, 2020 from http://www.cisco.com/c/en/us/products/cloud-systems-management/opensdn-controller/index.html.Google ScholarGoogle Scholar
  47. [47] ([n. d.]). OpenDaylight. Retrieved 1 April, 2020 from https://www.opendaylight.org.Google ScholarGoogle Scholar
  48. [48] ([n. d.]). Central Office Re-architected as a Datacenter (CORD). Retrieved 1 April, 2020 from https://opencord.org/.Google ScholarGoogle Scholar
  49. [49] ([n. d.]). Packet-Optical. Retrieved 1 April, 2020 from https://wiki.onosproject.org/display/ONOS/Packet+Optical+Convergence.Google ScholarGoogle Scholar
  50. [50] ([n. d.]). Configuring TLS for inter-controller communication. Retrieved 1 April, 2020 from https://wiki.onosproject.org/display/ONOS/Configuring+TLS+for+inter-controller+communication.Google ScholarGoogle Scholar
  51. [51] ([n. d.]). Configuring OVS connection using SSL/TLS with self-signed certificates. Retrieved 1 April, 2020 from https://wiki.onosproject.org/pages/viewpage.action?pageId=6358090.Google ScholarGoogle Scholar
  52. [52] Botelho Fábio, Ribeiro Tulio A., Ferreira Paulo, Ramos Fernando M. V., and Bessani Alysson. 2016. Design and implementation of a consistent data store for a distributed SDN control plane. In Proceedings of the 2016 12th European Dependable Computing Conference. 169180. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  53. [53] McClurg Jedidiah, Hojjat Hossein, Foster Nate, and Černý Pavol. 2016. Event-driven network programming. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. 369385. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. [54] Nguyen Thanh Dang, Chiesa Marco, and Canini Marco. 2017. Decentralized consistent updates in SDN. In Proceedings of the Symposium on SDN Research. 2133. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. [55] Černỳ Pavol, Foster Nate, Jagnik Nilesh, and McClurg Jedidiah. 2016. Optimal consistent network updates in polynomial time. In Proceedings of the International Symposium on Distributed Computing. 114128. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  56. [56] Kazemian Peyman, Varghese George, and McKeown Nick. 2012. Header space analysis: Static checking for networks. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation. 113126.Google ScholarGoogle Scholar
  57. [57] Beckett Ryan, Gupta Aarti, Mahajan Ratul, and Walker David. 2017. A general approach to network configuration verification. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication. 155168. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. [58] Agborubere Belema and Sanchez-Velazquez Erika. 2017. OpenFlow communications and TLS security in software-defined networks. In Proceedings of the 2017 IEEE International Conference on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber, Physical and Social Computing and IEEE Smart Data. 560566. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  59. [59] Chen Ang, Wu Yang, Haeberlen Andreas, Zhou Wenchao, and Loo Boon Thau. 2016. The good, the bad, and the differences: Better network diagnostics with differential provenance. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication. 115128. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. [60] Handigol Nikhil, Heller Brandon, Jeyakumar Vimalkumar, Mazières David, and McKeown Nick. 2014. I know what your packet did last hop: Using packet histories to troubleshoot networks. In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation.Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. [61] Wallner Ryan and Cannistra Robert. 2013. An SDN approach: Quality of service using big switch’s floodlight open-source controller. Proceedings of the Asia-Pacific Advanced Network 35 (2013), 1419. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  62. [62] Sharma Pradip Kumar, Singh Saurabh, Jeong Young-Sik, and Park Jong Hyuk. 2017. DistBlockNet: A distributed blockchains-based secure SDN architecture for IoT networks. IEEE Communications Magazine 55, 9 (2017), 7885. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  63. [63] Arash Shaghaghi, Mohamed Ali Kaafar, Rajkumar Buyya, and Sanjay Jha. 2020. Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions. In Handbook of Computer Networks and Cyber Security. 341–387.Google ScholarGoogle Scholar
  64. [64] Shamseddine Maha, Itani Wassim, Kayssi Ayman, and Chehab Ali. 2017. Virtualized network views for localizing misbehaving sources in SDN data planes. In Proceedings of the 2017 IEEE International Conference on Communications. 17. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  65. [65] Skowyra Richard, Lapets Andrei, Bestavros Azer, and Kfoury Assaf. 2014. A verification platform for SDN-enabled applications. In Proceedings of the 2014 IEEE International Conference on Cloud Engineering. 337342. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. [66] Yuan Bin, Lin Chen, Zou Deqing, Yang Laurence Tianruo, and Jin Hai. 2021. Detecting malicious switches for a secure software-defined tactile internet. ACM Transactions on Internet Technology 21, 4 (2021), 123. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. [67] Anil Ashidha, Rufzal TA, and Vasudevan Vipindev Adat. 2022. DDoS detection in software-defined network using entropy method. In Proceedings of the 7th International Conference on Mathematics and Computing. 129139. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  68. [68] Bawany Narmeen Zakaria, Shamsi Jawwad A., and Salah Khaled. 2017. DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arabian Journal for Science and Engineering 42, 2 (2017), 425441. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  69. [69] Buragohain Chaitanya and Medhi Nabajyoti. 2016. FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers. In Proceedings of the 2016 3rd International Conference on Signal Processing and Integrated Networks. 519524. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  70. [70] Sebbar Anass, Zkik Karim, Baddi Youssef, Boulmalf Mohammed, and Kettani Mohamed Dafir Ech-Cherif El. 2020. MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context. Journal of Ambient Intelligence and Humanized Computing 11, 12 (2020), 58755894. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  71. [71] Pereíni Peter, Kuzniar Maciej, Canini Marco, and Kostić Dejan. 2014. ESPRES: Transparent SDN update scheduling. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. 7378. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  72. [72] McClurg Jedidiah, Hojjat Hossein, Černý Pavol, and Foster Nate. 2015. Efficient synthesis of network updates. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation. 196207. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  73. [73] Desmedt Yvo G.. 1994. Threshold cryptography. European Transactions on Telecommunications 5, 4 (1994), 449458. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  74. [74] Gennaro Rosario, Jarecki Stanislaw, Krawczyk Hugo, and Rabin Tal. 1996. Robust threshold DSS signatures. In Proceedings of the Advances in Cryptology – EUROCRYPT. 354371. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  75. [75] Shamir Adi. 1979. How to share a secret. Communications of the ACM 22, 11 (1979), 612613. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  76. [76] Chor Benny, Goldwasser Shafi, Micali Silvio, and Awerbuch Baruch. 1985. Verifiable secret sharing and achieving simultaneity in the presence of faults. In Proceedings of the 26th Annual Symposium on Foundations of Computer Science. 383395. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  77. [77] Kate Aniket, Huang Yizhou, and Goldberg Ian. 2012. Distributed Key Generation in the Wild. Cryptology ePrint Archive, Paper 2012/377. (2012). Retrieved 7 Dec., 2020 from https://eprint.iacr.org/2012/377.Google ScholarGoogle Scholar
  78. [78] Hadzilacos Vassos and Toueg Sam. 1994. A Modular Approach to Fault-Tolerant Broadcasts and Related Problems. Technical Report. Cornell University.Google ScholarGoogle ScholarDigital LibraryDigital Library
  79. [79] Chandra Tushar Deepak and Toueg Sam. 1996. Unreliable failure detectors for reliable distributed systems. Journal of the ACM 43, 2 (1996), 225267. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  80. [80] Haeberlen Andreas, Kouznetsov Petr, and Druschel Peter. 2007. PeerReview: Practical accountability for distributed systems. In Proceedings of the21st ACM SIGOPS Symposium on Operating Systems Principles. 175188. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  81. [81] Chun Byung-Gon, Maniatis Petros, Shenker Scott, and Kubiatowicz John. 2007. Attested append-only memory: Making adversaries stick to their word. In Proceedings of the21st ACM SIGOPS Symposium on Operating Systems Principles. 189204. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  82. [82] Androulaki Elli, Barger Artem, Bortnikov Vita, Cachin Christian, Christidis Konstantinos, Caro Angelo De, Enyeart David, Ferris Christopher, Laventman Gennady, Manevich Yacov, Muralidharan Srinivasan, Murthy Chet, Nguyen Binh, Sethi Manish, Singh Gari, Smith Keith, Sorniotti Alessandro, Stathakopoulou Chrysoula, Vukolić Marko, Cocco Sharon Weed, and Yellick Jason. 2018. Hyperledger fabric: A distributed operating system for permissioned blockchains. In Proceedings of the 13th EuroSys Conference. 30:1–30:15. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  83. [83] Kokoris-Kogias Eleftherios, Jovanovic Philipp, Gasser Linus, Gailly Nicolas, Syta Ewa, and Ford Bryan. 2018. OmniLedger: A secure, scale-out, decentralized ledger via sharding. In Proceedings of the 2018 IEEE Symposium on Security and Privacy. 1934. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  84. [84] Zamani Mahdi, Movahedi Mahnush, and Raykova Mariana. 2018. RapidChain: Scaling blockchain via full sharding. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 931948. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  85. [85] Clement Allen, Junqueira Flavio, Kate Aniket, and Rodrigues Rodrigo. 2012. On the (limited) power of non-equivocation. In Proceedings of the 2012 ACM Symposium on Principles of Distributed Computing. 301308. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  86. [86] Lamport Leslie, Malkhi Dahlia, and Zhou Lidong. 2010. Reconfiguring a state machine. ACM SIGACT News 41, 1 (2010), 6373. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  87. [87] Lamport Leslie. 1998. The part-time parliament. ACM Transactions on Computer Systems 16, 2 (1998), 133169. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  88. [88] Cao Jiahao, Xie Renjie, Sun Kun, Li Qi, Gu Guofei, and Xu Mingwei. 2020. When match fields do not need to match: Buffered packets hijacking in SDN. In Proceedings of the 27th Annual Network and Distributed System Security Symposium. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  89. [89] Boneh Dan, Lynn Ben, and Shacham Hovav. 2004. Short signatures from the weil pairing. Journal of Cryptology 17, 4 (2004), 297319. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  90. [90] ([n. d.]). OpenFlow Role Request Messages. Retrieved 7 Dec., 2020 from https://ryu.readthedocs.io/en/latest/ofproto_v1_3_ref.html#role-request-message.Google ScholarGoogle Scholar
  91. [91] Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery, 802.1AB-REV Draft 6.0, IEEE, Jun. 24.Google ScholarGoogle Scholar
  92. [92] ([n. d.]). About DETERLab. Retrieved 1 April, 2020 from https://deter-project.org/about_deterlab.Google ScholarGoogle Scholar
  93. [93] ([n. d.]). DETERLab PC3000 Node Information. Retrieved 1 April, 2020 from https://www.isi.deterlab.net/shownodetype.php?node_type=pc3000.Google ScholarGoogle Scholar
  94. [94] ([n. d.]). OpenVz. Retrieved 1 April, 2020 from https://openvz.org/.Google ScholarGoogle Scholar
  95. [95] ([n. d.]). Introducing data center fabric, the next-generation Facebook data center network. Retrieved 7 May, 2020 from https://code.fb.com/production-engineering/introducing-data-center-fabric-the-next-generation-facebook-data-center-network/.Google ScholarGoogle Scholar
  96. [96] ([n. d.]). The Internet Topology Zoo. Retrieved 7 May, 2020 from http://www.topology-zoo.org/.Google ScholarGoogle Scholar
  97. [97] Ros Francisco Javier and Ruiz Pedro Miguel. 2014. Five nines of southbound reliability in software-defined networks. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. 3136. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Secure and Reliable Network Updates

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM Transactions on Privacy and Security
          ACM Transactions on Privacy and Security  Volume 26, Issue 1
          February 2023
          342 pages
          ISSN:2471-2566
          EISSN:2471-2574
          DOI:10.1145/3561959
          Issue’s Table of Contents

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 9 November 2022
          • Online AM: 12 August 2022
          • Accepted: 23 July 2022
          • Revised: 7 May 2022
          • Received: 8 June 2021
          Published in tops Volume 26, Issue 1

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • research-article
          • Refereed
        • Article Metrics

          • Downloads (Last 12 months)255
          • Downloads (Last 6 weeks)27

          Other Metrics

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Full Text

        View this article in Full Text.

        View Full Text

        HTML Format

        View this article in HTML Format .

        View HTML Format
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!