Abstract
Networking is the backbone that supports the vast area of Information Technology. SDN is the new road that takes conventional networking to greater heights, and it is going to aid all future innovations and developments in the field of networking. SDN stands for Software Defined Networking, which separates the network into two planes, namely the data plane and the control plane. The data plane is the abstraction of the entire hardware side of the network, and the control plane is the central unit that acts like a brain controlling the entire network. This dual architecture thus helps to maintain a network that is centralized, highly scalable, flexible, etc. The programmability of the network opens the window of scope for greater innovations and developments. SDN can gracefully accommodate technology shifts. At the same time, SDN poses certain security issues that need to be addressed. Because SDN is a widely flourishing and developing networking method, these security issues need to be tackled. In this paper we are trying to address the security issue of rewriting flow entries in switches. We propose an algorithm for the detection of incongruence between firewall rules and flow rules, and thus we overcome the threat caused by modification of flow entries. The proposed system is for OpenFlow-based firewalls. The system is intended to boost the security capabilities of SDN, thereby minimizing some of the security challenges in SDN.
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Pallavi, N., Anisha, A.S., Leena, V. (2017). Detection of Incongruent Firewall Rules and Flow Rules in SDN. In: Dash, S., Vijayakumar, K., Panigrahi, B., Das, S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 517. Springer, Singapore. https://doi.org/10.1007/978-981-10-3174-8_2
DOI: https://doi.org/10.1007/978-981-10-3174-8_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-3173-1
Online ISBN: 978-981-10-3174-8
eBook Packages: Engineering (R0)