SDSecurity: A Software Defined Security Experimental Framework
Software Defined Security (SDSec) is a new technology emerging under the SDSys paradigm. It is an example of Network Function Virtualization (NFV).
In SDSec the functions of network devices, like intrusion detection, firewalling and others, are extracted from the hardware appliances into a software layer.
Apart from SDN, there exist no simulation environments for most SDSys, including SDSec.
Virtualization requires virtualized security
Analogous to the SDN architecture:
Physical: database arrays, switches, routers, or any other asset
Catbird, vShield, OneControl, vArmour
OpenFlow-based SDN simulator
the host, which sends and receives the packets
the switch, which stores all the rules required to forward packets to their destinations
the central controller, which handles the control and management operations in the network.
unable to handle large scale networks
Built on Mininet. Extends the definitions of host, switch and controller to add the features needed to emulate SDSec.
Host + parameters of TRUST, ZONE_ID, PERMISSIONS, RESOURCES CONSUMPTION, SCOPE
Switch + POLICY TABLE
POX Controller + Access policies in a POLICY TABLE
3 tests for DoS attacks. They show that SDN can detect and mitigate the attack, identifying it and reducing resource use.
In fact, when the controller detects a DoS attack it blocks the attacker and eliminates its previous requests.
Scenario: 1 controller, 2 switches, 40 hosts (20 per switch)
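A toy model of the behaviour described above: hosts carry the SDSec parameters, the controller consults a policy table keyed by zone pair, counts requests per host, and on a DoS detection blocks the attacker and purges its earlier queued requests. This is an added illustration, not code from SDSecurity, Mininet or POX; the threshold, zone policy and host values are assumed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Host:
    """Mininet-style host extended with the SDSec parameters (values assumed)."""
    name: str
    trust: int                       # assumed 0-10 trust level
    zone_id: int
    permissions: set = field(default_factory=set)
    resource_consumption: int = 0    # requests this host has issued so far
    scope: str = "local"

@dataclass
class Controller:
    """Models the POX-based controller: a policy table plus per-host request accounting."""
    policy_table: dict                               # (src_zone, dst_zone) -> allowed?
    dos_threshold: int = 100                         # assumed: requests above this flag a DoS
    requests: dict = field(default_factory=lambda: defaultdict(int))
    pending: list = field(default_factory=list)      # requests queued for forwarding
    blocked: set = field(default_factory=set)

    def handle_request(self, src: Host, dst: Host) -> str:
        if src.name in self.blocked:
            return "dropped"                         # blocked attacker: discard silently
        if not self.policy_table.get((src.zone_id, dst.zone_id), False):
            return "denied"                          # no policy entry permits this zone pair
        self.requests[src.name] += 1
        src.resource_consumption += 1
        if self.requests[src.name] > self.dos_threshold:
            # DoS detected: block the source and purge its earlier queued requests
            self.blocked.add(src.name)
            self.pending = [r for r in self.pending if r[0] != src.name]
            return "blocked"
        self.pending.append((src.name, dst.name))
        return "queued"

def simulate(n_attack=150, n_normal=5, threshold=100):
    """Constructed scenario: policy allows zone 1->1 and 2->1; h2 floods h1."""
    ctrl = Controller(policy_table={(1, 1): True, (2, 1): True}, dos_threshold=threshold)
    victim, attacker = Host("h1", 8, 1, {"serve"}), Host("h2", 2, 1)
    normal, outsider = Host("h3", 7, 2), Host("h4", 1, 3)
    results = defaultdict(int)
    for _ in range(n_normal):
        results[ctrl.handle_request(normal, victim)] += 1
    results[ctrl.handle_request(outsider, victim)] += 1
    for _ in range(n_attack):
        results[ctrl.handle_request(attacker, victim)] += 1
    results["pending"] = len(ctrl.pending)           # only h3's requests survive the purge
    return dict(results)
```

Running `simulate()` shows the attacker's first 100 requests queued, the 101st triggering the block and the purge, and the rest dropped, while the legitimate host's 5 requests remain pending.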
:star: Distributed controllers
:star: Additional policy controls in the elements