Login New user?  
01-Applied Mathematics & Information Sciences
An International Journal
               
 
 
 
 
 
 
 
 
 
 
 
 
 

Content
 

Volumes > Volume 12 > No. 4

 
   

New SDN-Oriented Distributed Network Security System

PP: 673-683
doi:10.18576/amis/120401
Author(s)
Fahad Nife, Zbigniew Kotulski, Omar Reyad,
Abstract
Software-Defined Network (SDN) is a network technology attempts to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

  Home   About us   News   Journals   Conferences Contact us Copyright naturalspublishing.com. All Rights Reserved