New SDN-Oriented Distributed Network Security System

Fahad Nife, Zbigniew Kotulski, Omar Reyad

Abstract

Software-Defined Network (SDN) is a network technology that attempts to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, the network control plane is physically decoupled from the forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks, which are implemented as applications running on top of the controller. Based on the global view, these applications make packet-processing decisions and distribute them to the data plane via the controller. However, the security of such networks, with their programmability and centralized points of control, is not currently ensured at a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure and can provide security for all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

Authors: Fahad Nife; Zbigniew Kotulski (FEIT / IT), The Institute of Telecommunications; Omar Reyad
Journal series: Applied Mathematics & Information Sciences, ISSN 1935-0090, e-ISSN 2325-0399, (0 points)
Issue year: 2018
Vol: 12
No: 4
Pages: 673-683
Publication size in sheets: 0.5
Keywords in English: SDN, Network Security, Stateful Firewall, 802.1x, Access Control Mechanism
DOI: 10.18576/amis/120401
URL: http://naturalspublishing.com/Article.asp?ArtcID=14548
Language: en (English)
File: 2018 Fahad Kotulski New SDN-Oriented Distributed Network Security System.pdf, 438.52 KB
Score (nominal): 0
Score: Ministerial score = 0.0, 01-08-2018, ArticleFromJournal
Ministerial score (2013-2016) = 0.0, 01-08-2018, ArticleFromJournal - foreign journal outside the lists