Abstract
Software-defined wide area networking (SD-WAN) enables dynamic network policy control over a large distributed network via network updates. To be practical, network updates must be consistent (i.e., free of transient errors caused by updates to multiple switches), secure (i.e., only be executed when sent from valid controllers), and reliable (i.e., function despite the presence of faulty or malicious members in the control plane), while imposing only minimal overhead on controllers and switches.
We present SERENE: a protocol for
Index Terms
Secure and Reliable Network Updates