New SDN-Oriented Distributed Network Security System

PP: 673-683

doi:10.18576/amis/120401

Author(s)

Fahad Nife,
Zbigniew Kotulski,
Omar Reyad

Abstract

Software-Defined Network (SDN) is a network technology that attempts to open new possibilities in network management and
orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is
the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and
services, as well as tuning network policy and performance. It represents an important change in the way networks are architected,
built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and
is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of
the entire network; it gathers information from the data plane to be processed by the management tasks, which are implemented as
applications running on top of the controller. Based on the global view, these applications make packet-processing decisions and
distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized
points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for
SDN-based networks, which can be easily integrated with the existing network infrastructure and can provide security for all
network components. It consists of two main subsystems: the network authentication and access control system to protect the network
control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within
the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the
network from external attacks as well as from internal malicious users.