141 |
Model based testing techniques for software defined networks / Méthodes de test basées sur les modèles pour la validation des réseaux logiciels (SDN)
Berriri, Asma. 22 October 2019
Software networks (known as Software Defined Networking, SDN), which rely on the paradigm of separating the control plane from the forwarding plane, have advanced considerably in recent years, enabling network programmability and easing network management. Recognized today as application-driven software architectures that offer more programmability, more flexibility and simpler infrastructures, software networks are being ever more widely adopted and gradually deployed by all providers. Nevertheless, the emergence of this type of architecture raises a set of fundamental questions about how to guarantee its correct operation. The SDN software architecture is itself a complex, multi-component system that is vulnerable to errors. It is essential to ensure that it works properly before deployment and integration into infrastructures. In the literature, how to accomplish this task has been studied in depth only by means of formal verification. Model-based testing methods have received little attention from the scientific community, even though their relevance and the effectiveness of the associated tests have been widely demonstrated in the field of software development. Creating effective and reusable model-based testing approaches seems to us an appropriate step before any deployment of virtual networks and their components. The problem addressed in this thesis concerns the use of formal models to guarantee the correct functional behaviour of SDN architectures and of their components. Formal, structured and effective test generation approaches are the main contributions of the thesis.
In addition, the automation of the test process is emphasized, since it can considerably reduce testing effort and cost. The first contribution is a method based on graph enumeration that targets the functional testing of SDN architectures. Second, a method based on a logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. In addition, a technique based on an extended finite state machine is introduced for testing switch-to-controller communication. Since the quality of a test suite is generally measured by its fault coverage, the proposed testing methods introduce different fault models and generate test suites with guaranteed fault coverage. / Having gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging. How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods.
Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing. The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on a logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness.
|
142 |
Software-defined Situation-aware Cloud Security
January 2020
abstract: The use of reactive security mechanisms in enterprise networks can, at times, provide an asymmetric advantage to the attacker. Similarly, the use of a proactive security mechanism like Moving Target Defense (MTD), if performed without analyzing the effects of security countermeasures, can lead to security policy and service level agreement violations. In this thesis, I explore the research questions 1) how to model attacker-defender interactions for multi-stage attacks? 2) how to efficiently deploy proactive (MTD) security countermeasures in a software-defined environment for single and multi-stage attacks? 3) how to verify the effects of security and management policies on the network and take corrective actions?
I propose a Software-defined Situation-aware Cloud Security framework, that, 1) analyzes the attacker-defender interactions using a Software-defined Networking (SDN) based scalable attack graph. This research investigates Advanced Persistent Threat (APT) attacks using a scalable attack graph. The framework utilizes a parallel graph partitioning algorithm to generate an attack graph quickly and efficiently. 2) models single-stage and multi-stage attacks (APTs) using the game-theoretic model and provides SDN-based MTD countermeasures. I propose a Markov Game for modeling multi-stage attacks. 3) introduces a multi-stage policy conflict checking framework at the SDN network's application plane. I present INTPOL, a new intent-driven security policy enforcement solution. INTPOL provides a unified language and INTPOL grammar that abstracts the network administrator from the underlying network controller's lexical rules. INTPOL develops a bounded formal model for network service compliance checking, which significantly reduces the number of countermeasures that need to be deployed. Once the application-layer policy conflicts are resolved, I utilize an Object-Oriented Policy Conflict checking (OOPC) framework that identifies and resolves rule-order dependencies and conflicts between security policies. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020
|
143 |
Hardwarová akcelerace aplikací pro monitorování a bezpečnost vysokorychlostních sítí / Hardware Acceleration of Network Security and Monitoring Applications
Kekely, Lukáš. January 2013
This master's thesis deals with the design of a software-controlled hardware acceleration system for high-speed networks. The main goal is to provide easy access to acceleration for various network security and monitoring applications. The proposed system is designed for 100 Gbps networks. It enables high-speed processing on an FPGA card together with flexible software control. The combination of hardware speed and software flexibility allows easy creation of complex high-performance network applications. Achievable performance improvement of three chosen monitoring and security applications is shown using a simulation model of the designed system.
|
144 |
Software Defined Networking and Tunneling for Mobile Networks
Liu, Binghan. January 2013
With the deployment of Long Term Evolution (LTE) networks, mobile networks will become an important infrastructure component in the cloud ecosystem. However, in the cloud computing era, traditional routing and switching platforms do not meet the requirements of this new trend, especially in a mobile network environment. With the recent advances in software switches and efficient virtualization using commodity servers, Software Defined Networking (SDN) has emerged as a powerful technology to meet the new requirements for supporting a new generation of cloud service. This thesis describes an experimental investigation of cloud computing, SDN, and a mobile network’s packet core. The design of a mobile network exploiting the evolution of SDN is also presented. The actual implementation consists of a GTP enabled Open vSwitch together with the transparent mode of mobile network SDN evolution. Open vSwitch is an SDN product designed for computer networks. The implementation extends Open vSwitch with an implementation of the GTP protocol. This extension enables Open vSwitch to be an excellent SDN component for mobile networks. In transparent mode, a cloud data center is deployed without making any modification to the existing mobile networks. In the practical evaluation of the GTP-U tunnel protocol implementation, the measured metrics are UDP and TCP throughput, end-to-end latency and jitter. Two experiments have been conducted and described in the evaluation chapter. Cloud computing has become one of the hottest Internet topics. It is attractive for the mobile network to adopt cloud computing technology in order to enjoy the benefits of cloud computing. For example, to reduce network construction cost, make the network deployment more flexible, etc. This thesis presents a potential direction for mobile network cloud computing.
Since this thesis relies on open source projects, readers may use the results to explore a feasible direction for mobile network cloud computing evolution. / With the deployment of Long Term Evolution (LTE) networks, mobile networks will become an important infrastructure component in the cloud ecosystem. However, in the cloud computing era, traditional routing and switching platforms do not meet the requirements of this new trend, especially in a mobile network environment. With the recent advances in software switches and efficient virtualization on commodity servers, Software Defined Networking (SDN) has developed into a powerful technology for meeting the new requirements of supporting a new generation of cloud services. This thesis describes an experimental investigation of cloud computing, SDN, and a mobile network's packet core. The design of a mobile network that exploits the evolution of SDN is also presented. The actual implementation consists of a GTP-enabled Open vSwitch together with the transparent mode of the mobile network SDN evolution. Open vSwitch is an SDN product intended for computer networks. The implementation extends Open vSwitch with an implementation of the GTP protocol. This upgrade makes Open vSwitch an excellent SDN component for mobile networks. In transparent mode, a cloud data center is deployed without making any changes to the existing mobile networks. In the practical evaluation of the GTP-U tunnel protocol implementation, the measured metrics are UDP and TCP throughput, end-to-end latency, jitter and packet loss. Two experiments were carried out in the evaluation chapter. Cloud computing has become one of the hottest topics on the Internet. Thus, the mobile network of the future can also adopt cloud computing technology and benefit from cloud computing. For example, it can reduce network construction costs, make network deployment more flexible, etc. This thesis presents a possible direction for mobile network cloud computing.
Since this thesis builds on open source projects, readers can use its results to explore a possible direction for the evolution of mobile network cloud computing.
|
145 |
The design of an effective extreme controller mechanism scheme for software defined cognitive radio network
Sibanda, Brian. January 2021
Thesis (M. A. (Computer Science)) -- University of Limpopo, 2021 / In Software Defined Cognitive Radio Network (SDCRN), network security is a
significant issue. This issue arises when Software Defined Network (SDN) architecture
integrates with the Cognitive Radio Network (CRN) technology. SDN is designed to
improve network resource management, while CRN technology is aimed at improving
spectrum management. These technologies are vulnerable to several malicious
attacks. These attacks include Distributed Denial of Service (DDoS) and Primary User
Emulation (PUE). Both the DDoS and PUE can disrupt services in the SDCRN. To
curb these attacks, schemes which harden the security of SDCRN need to be
designed. Thus, in this study we propose a security mechanism called
Extreme_Controller_Mechanism (XCM) that reduces the effects of DDoS and PUE. The
proposed XCM scheme was designed and evaluated in three simulation environments,
the OMNeT++, Octave, and MATLAB simulators. The SDCRN data set was generated
using the Neural Network back propagation algorithms. The data set was then used
in Matlab to evaluate the effectiveness of the proposed XCM scheme. XCM proved to be
effective and efficient at detection and prevention of DDoS and PUE attacks in
SDCRN. In terms of memory and processor utilisation, XCM proved to be the best when
compared to other schemes such as the Advanced Support Vector Machine (ASVM)
and deep learning convolution network (CDLN). But in terms of detection time, the
ASVM was found to be the best performing scheme. Regarding our test for detection
rate, false positive and false negative, the XCM, ASVM and CDLM performed the
same. The results of the XCM were therefore the best and superior to the ASVM and
CDLM. This can be attributed to the fact that the XCM scheme is optimised for DDoS
and PUE attacks. We can therefore conclude that our XCM scheme is the best
performing scheme compared to the ASVM and CDLN schemes.
|
146 |
Policy-driven autonomic cyberdefense using software-defined networking / Cyberdefense autonome pilotée par règles à l'aide d'un réseau défini par logiciel
Sahay, Rishikesh. 14 November 2017
Cyber attacks cause significant losses not only for end users but also for Internet Service Providers (ISPs). Recently, ISP customers have been the number one target of cyber attacks such as Distributed Denial of Service (DDoS) attacks. These attacks are facilitated by the widespread availability of tools for launching them. There is therefore a crucial need to counter these attacks with effective defense mechanisms. Researchers have devoted enormous effort to protecting the network against cyber attacks. Defense methods first involve a detection process, followed by mitigation. The lack of automation across the whole cycle from detection to mitigation increases the damage caused by cyber attacks. It leads to manual device configuration by the administrator to mitigate the attacks, which affects network availability. It is therefore necessary to close the security loop with an effective mechanism for automating mitigation. In this thesis, we propose an autonomic mitigation framework to mitigate network attacks that target network resources, such as DDoS attacks. Our framework provides collaborative mitigation between the ISP and its customers. We use Software-Defined Networking (SDN) technology to deploy the mitigation framework. The aim of our framework can be summarized as follows: first, the customers detect the attacks and share the threat information with their ISP so that mitigation is performed on demand. We further develop the system to improve the management aspect of the framework at the ISP level. This system performs alert extraction, adaptation and device configuration. We develop a policy language to define the high-level policy, which is translated into OpenFlow rules.
Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluated different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness not only in mitigating attacks for the victim, but also in reducing the damage caused to the traffic of the ISP's other customers. / Cyber attacks cause significant loss not only to end-users, but also Internet Service Providers (ISP). Recently, customers of the ISP have been the number one target of the cyber attacks such as Distributed Denial of Service attacks (DDoS). These attacks are encouraged by the widespread availability of tools to launch the attacks. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) by effective defense mechanisms. Researchers have devoted huge efforts on protecting the network from cyber attacks. Defense methodologies first contain a detection process, completed by mitigation. Lack of automation in the whole cycle of detection to mitigation increases the damage caused by cyber attacks. It requires manual configurations of devices by the administrator to mitigate the attacks which cause the network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target the network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first the customers detect the attacks and share the threat information with their ISP to perform the on-demand mitigation. We further develop the system to improve the management aspect of the framework at the ISP side.
This system performs the alert extraction, adaptation and device configurations. We develop a policy language to define the high level policy which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness in not only mitigating attacks for the victim, but also reducing the damage caused to traffic of other customers of the ISP.
|
147 |
Softwarově řízené monitorování síťového provozu / Software-Controlled Network Traffic Monitoring
Kekely, Lukáš. January 2017
This dissertation deals with the design of a new method of software-controlled (defined) hardware acceleration for modern high-speed computer networks. The main goal of the work is to formulate a general, flexible and easy-to-use acceleration concept applicable to various security and monitoring applications, one that would enable their real deployment in networks of 100 Gb/s and faster. The dissertation begins with an analysis of the current state of the art in network monitoring, security and methods of accelerating the processing of high-speed network data. Based on this analysis, an entirely new concept called Software Defined Monitoring (SDM) is formulated and designed. The key functionality of this concept is built on hardware-accelerated, application-specific (controlled), flow-based, informed reduction and distribution of captured network data. This is achieved by combining high-speed hardware processing with flexible software control, which together allow easy creation of various complex and high-performance network applications. Advanced optimizations and improvements of the basic SDM concept and its selected components are also examined in the work, leading to the design of a completely unique and generally applicable FPGA architecture of a modular packet header analyzer and a high-performance packet classifier based on cuckoo hashing. Finally, a high-speed SDM prototype built on an FPGA acceleration network card is created and thoroughly verified under conditions of deployment in real networks. The achievable performance improvements in several selected monitoring and security use cases are measured and discussed. The SDM prototype is also deployed in production monitoring of the real backbone network of the Cesnet association and has been commercialized by Netcope Technologies.
|
148 |
Trustworthy SDN Control Plane for Prioritized Path Recovery
Barcellesi, Jacopo. January 2022
Software Defined Networking (SDN) has gained popularity and attractiveness in the past years thanks to its dynamic and programmable nature. The possibility to decouple the data plane and control plane allows for the implementation of Internet networks in an innovative way. Thanks to its ease in changing flow rules in network switches, SDN allows network resources optimization. In the case of critical applications, an essential aspect is to ensure connectivity on the network even in case of link failures. Even when a failure causes an interruption of connectivity, the challenge also stays in recovering as fast as possible. Nonetheless, the SDN controller should have the policy to decide which pairs of end-hosts to disable connectivity when there is a shortage of resources to keep the most important connections active. In this thesis, we developed a proactive-reactive SDN controller coded in Python that copes with restoring end-hosts connectivity as fast as possible. The controller prioritizes the couples of end-hosts that need connectivity based on their importance. During a shortage of network resources, the connectivity of pairs of end-hosts with low importance is disabled, and the connectivity between the most important couples can be ensured. We tested our solution with a reactive-only SDN controller and a proactive-reactive SDN controller that does not consider any prioritization order between end-hosts connectivity. Both the benchmark SDN controllers were developed in the thesis. Experiments were run on the same network topology, with the same couple of end-hosts involved. The comparison between the proactive-reactive and reactive-only controllers showed the first one to be faster in restoring the connectivity after a failure. It saves time restoring the connectivity and has fewer packets lost under certain conditions in the relationship between the switch-to-switch and the switch-to-controller transmission delay.
The comparison between the proactive-reactive controller and the controller with no prioritization confirms that without an ordered queue of priorities, it may be the most important couple of end-hosts to lose connectivity in case of shortages of network resources. To simulate a realistic scenario, the project considers the case study of electric power transmission networks using SDN. In particular, the focus is on reconnecting Phasor Measurement Units (PMUs) to the power grid to ensure system observability. During our experiments, we adopted the typical measurement transmission frequency used by PMUs (50 Hz). The SDN switches are deployed with P4, and the SDN controller is coded in Python. Furthermore, it exploits P4Runtime to communicate with the switches in run-time. / Software Defined Networking (SDN) has gained popularity and appeal in recent years thanks to its dynamic and programmable nature. The ability to decouple the data plane from the control plane makes it possible to implement Internet networks in an innovative way. Because flow rules in network switches are easy to change, SDN makes it possible to optimize network resources. For critical applications, an important aspect is ensuring connectivity in the network even in the event of link failures. Even when a failure causes an interruption of connectivity, the challenge is also to recover as quickly as possible. Nonetheless, the SDN controller should have a policy for deciding which pairs of end-hosts should have their connectivity disabled when there is a shortage of resources, in order to keep the most important connections active. In this thesis, we have developed a proactive-reactive SDN controller coded in Python that is able to restore end-host connectivity as quickly as possible. The controller prioritizes the pairs of end-hosts that need connectivity based on their importance.
During a shortage of network resources, the connectivity of end-host pairs of low importance is disabled, and connectivity between the most important pairs can be ensured. We tested our solution with a reactive-only SDN controller and a proactive-reactive SDN controller that does not take into account any prioritization order among the end-hosts' connectivity. Both benchmark SDN controllers were developed in the thesis. The experiments were run on the same network topology with the same number of end-hosts. The comparison between the proactive-reactive and the reactive-only controller showed that the former was faster at restoring connectivity after a failure. It saves time in restoring connectivity and has fewer lost packets under certain conditions on the relationship between the switch-to-switch and the switch-to-controller transmission delay. The comparison between the proactive-reactive controller and the controller without prioritization confirms that, without an ordered queue of priorities, it may be the most important pair of end-hosts that loses connectivity when network resources are short. To simulate a realistic scenario, the project uses SDN as a case study for electric power transmission networks. The focus is in particular on reconnecting Phasor Measurement Units (PMUs) to the power grid to ensure the observability of the system. During our experiments, we adopted the typical measurement transmission frequency used by PMUs (50 Hz). The SDN switches are deployed with P4, and the SDN controller is coded in Python. In addition, P4Runtime is used to communicate with the switches at run time.
|
149 |
High Performance Computing as a Service in the Cloud Using Software-Defined Networking
Jamaliannasrabadi, Saba. 27 July 2015
No description available.
|
150 |
Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network
Ikusan, Ademola A. January 2017
No description available.
|