SDSecurity: A Software Defined Security Experimental Framework
SDSec overview
In SDSec, network security functions such as intrusion detection and firewalling are decoupled from hardware appliances and moved into a software layer.
Software Defined Security (SDSec) is a new technology emerging under the SDSys paradigm, and an example of Network Function Virtualization (NFV).
Apart from SDN, there are no simulation environments for most SDSys, including SDSec.
SDSec
Definition
Virtualization requires virtualized security
Architecture
Analogous to the SDN architecture:
Application:
Control: Brain
Physical: database arrays, switches, routers, or any other asset
Features
Abstraction
Automation
Elasticity
Concurrency control
Visibility
Portability
Commercial implementations
Catbird [6], vShield [10], [11], OneControl [12], vArmour
Mininet
OpenFlow-based SDN simulator
host, which sends and receives the packets
the switch, which stores all the required rules to forward the packets to its destinations
central controller, which handles the functionality of control and management operations in the network.
Unable to handle large-scale networks
Emulator
SDSec
Built on Mininet. Extends the definitions of host, switch and controller to add the features needed to emulate SDSec.
Host + parameters TRUST, ZONE_ID, PERMISSIONS, RESOURCE CONSUMPTION, SCOPE
Switch + POLICY TABLE
POX Controller + Access policies in a POLICY TABLE
Experiment and results
Three tests with DoS attacks. They show that the SDN-based SDSec emulator can detect and mitigate the attack, identifying the attacker and reducing resource use.
When the controller detects a DoS attack it blocks the attacker and eliminates its previous requests.
Scenario: 1 controller, 2 switches, 40 hosts (20 per switch)
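The following is an added example (not the paper's code, and not using the POX or Mininet APIs) that models the emulator elements above and the DoS experiment in one small Python program: hosts carry the TRUST, ZONE_ID, PERMISSIONS, RESOURCE CONSUMPTION and SCOPE parameters, switches and the controller share a POLICY TABLE, and the controller blocks a source that exceeds a request threshold and purges its earlier requests from the switch queues. The policy-table schema, the request format and the threshold of 50 are assumptions made for this example.

```python
"""Toy model of the SDSec emulator elements described on this page.

Added example for illustration; it is not the paper's code and does not use
the POX or Mininet APIs. The host parameters (TRUST, ZONE_ID, PERMISSIONS,
RESOURCE CONSUMPTION, SCOPE), the POLICY TABLE and the DoS mitigation
(block the attacker, discard its earlier requests) come from the page; the
policy schema, the request format and the threshold are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    trust: int                      # TRUST (assumed scale 0-10)
    zone_id: str                    # ZONE_ID
    permissions: set                # PERMISSIONS, e.g. {"http"}
    resource_consumption: int = 0   # RESOURCE CONSUMPTION (queued requests)
    scope: str = "local"            # SCOPE


@dataclass
class Request:
    src: str
    dst: str
    service: str


class PolicyTable:
    """Access policies shared by switches and controller (schema assumed):
    (src_zone, dst_zone, service, min_trust) tuples."""

    def __init__(self):
        self.rules = []

    def add(self, src_zone, dst_zone, service, min_trust):
        self.rules.append((src_zone, dst_zone, service, min_trust))

    def allows(self, src, dst, service):
        if service not in src.permissions:
            return False
        return any(sz == src.zone_id and dz == dst.zone_id
                   and sv == service and src.trust >= mt
                   for sz, dz, sv, mt in self.rules)


class Switch:
    def __init__(self, name, policy):
        self.name = name
        self.policy = policy
        self.queue = deque()   # requests accepted and awaiting forwarding


class Controller:
    """Stand-in for the POX controller. Counts requests per source; above an
    assumed threshold it blocks the source and purges its queued requests."""

    def __init__(self, switches, hosts, threshold=50):
        self.switches, self.hosts, self.threshold = switches, hosts, threshold
        self.counts = defaultdict(int)
        self.blocked = set()

    def handle(self, req, switch):
        if req.src in self.blocked:
            return "dropped"          # attacker already blocked
        src, dst = self.hosts[req.src], self.hosts[req.dst]
        if not switch.policy.allows(src, dst, req.service):
            return "denied"           # POLICY TABLE rejects the flow
        switch.queue.append(req)
        src.resource_consumption += 1
        self.counts[req.src] += 1
        if self.counts[req.src] > self.threshold:
            self.block(req.src)
            return "blocked"
        return "allowed"

    def block(self, name):
        self.blocked.add(name)
        for sw in self.switches:   # eliminate the attacker's earlier requests
            kept = [r for r in sw.queue if r.src != name]
            sw.queue.clear()
            sw.queue.extend(kept)
        self.hosts[name].resource_consumption = 0


def run_scenario(attacker="h1", victim="h21", flood=200, threshold=50):
    """Page's topology: 1 controller, 2 switches, 40 hosts (20 per switch).
    Zone A (s1) hosts may reach zone B (s2) over http and vice versa."""
    policy = PolicyTable()
    policy.add("A", "B", "http", 1)
    policy.add("B", "A", "http", 1)
    hosts = {f"h{i}": Host(f"h{i}", 5, "A" if i <= 20 else "B", {"http"})
             for i in range(1, 41)}
    s1, s2 = Switch("s1", policy), Switch("s2", policy)
    ctrl = Controller([s1, s2], hosts, threshold)
    outcomes = defaultdict(int)

    def send(src, dst, service="http"):
        sw = s1 if hosts[src].zone_id == "A" else s2
        outcomes[ctrl.handle(Request(src, dst, service), sw)] += 1

    send("h2", "h22")                 # legitimate traffic before the flood
    send("h3", "h23", "ssh")          # not in h3's PERMISSIONS -> denied
    for _ in range(flood):            # DoS flood from the attacker
        send(attacker, victim)
    send("h2", "h22")                 # legitimate traffic after mitigation
    return {**outcomes,
            "s1_queue": len(s1.queue),
            "attacker_blocked": attacker in ctrl.blocked,
            "attacker_consumption": hosts[attacker].resource_consumption}


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` floods 200 requests from h1 to h21: the first 50 are accepted, the 51st trips the threshold and blocks h1, and the remaining 149 are dropped. After the block, s1's queue holds only h2's two legitimate requests, and h1's resource consumption is back to zero, which is the "block the attacker and eliminate its previous requests" behaviour the experiment describes.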
Future work
Distributed controllers
Additional policy controls in the elements