21. Enhancing network robustness using software-defined networking
Li, Xin January 1900
Doctor of Philosophy / Department of Electrical and Computer Engineering / Don M. Gruenbacher / Caterina M. Scoglio
As today's networks are no longer individual networks, networks are less robust towards failures and attacks. For example, computer networks and power networks are interdependent. Computer networks provide smart control for power networks, while power networks provide power supply. Localized network failures and attacks are amplified and exacerbated back and forth between two networks due to their interdependencies. This dissertation focuses on finding solutions to enhance network robustness. Software-defined networking provides a programmable architecture, which can dynamically adapt to any changes and can reduce the complexities of network traffic management. This architecture brings opportunities to enhance network robustness, for example, adapting to network changes, routing traffic to bypass malfunctioning devices, dropping malicious flows, etc. However, as SDN is rapidly proceeding from vision to reality, the SDN architecture itself might be exposed to some robustness threats. In particular, the SDN control plane is tremendously attractive to attackers, since it is the "brain" of entire networks. Thus, research on network robustness helps protect networks from a destructive disaster.
In this dissertation, we first build a novel, realistic interdependent network framework to model cyber-physical networks. We allocate dependency links under a limited budget and evaluate network robustness. We further revise a network flow algorithm and find solutions to obtain a basic robust network structure. Extensive simulations on random networks and real networks show that our deployment method produces topologies that are more robust than the ones obtained by other deployment techniques.
Second, we tackle middlebox chain problems using SDN. In computer networks, applications require traffic to sequence through multiple types of middleboxes to accomplish network functionality. Middlebox policies, numerous applications' requirements, and resource allocations complicate network management. Furthermore, middlebox failures can affect network robustness. We formulate a mixed-integer linear programming problem to achieve a network load-balancing objective in the context of middlebox policy chain routing. Our global routing approach manages network resources efficiently by simplifying candidate-path selections, balancing the entire network and using the simulated annealing algorithm. Moreover, in case of middlebox failures, we design a fast rerouting mechanism by exploiting the remaining link and middlebox resources locally. We implement proposed routing approaches on a Mininet testbed and evaluate experiments' scalability, assessing the effectiveness of the approaches.
Third, we build an adversary model to describe in detail how to launch distributed denial of service (DDoS) attacks to overwhelm the SDN controller. Then we discuss possible defense mechanisms to protect the controller from DDoS attacks. We implement a successful DDoS attack and our defense mechanism on the Mininet testbed to demonstrate its feasibility in the real world.
In summary, we vertically dive into enhancing network robustness by constructing a topological framework, making routing decisions, and protecting the SDN controller.

22. Policy-driven Network Defense for Software Defined Networks
January 2016
abstract: Software-Defined Networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane, which allows network administrators to consolidate common network services into a centralized module named SDN controller. Applications’ policies are transformed into standardized network rules in the data plane via SDN controller. Even though this centralization brings great flexibility and programmability to the network, network rules generated by SDN applications cannot be trusted because there may exist malicious SDN applications, and insecure network flows can be made due to complex relations across network rules. In this dissertation, I investigate how to identify and resolve these security violations in SDN caused by the combination of network rules and applications’ policies. To this end, I propose a systematic policy management framework that better protects SDN itself and hardens existing network defense mechanisms using SDN.
More specifically, I discuss the following four security challenges in this dissertation: (1) In SDN, generating reliable network rules is challenging because SDN applications cannot be trusted and have complicated dependencies on each other. To address this problem, I analyze applications’ policies and remove those dependencies by applying a grid-based policy decomposition mechanism; (2) One network rule could accidentally affect others (or by malicious users), which leads to the creation of indirect security violations. I build systematic and automated tools that analyze network rules in the data plane to detect a wide range of security violations and resolve them in an automated fashion; (3) A fundamental limitation of the current SDN protocol (OpenFlow) is a lack of statefulness, which is extremely important to several security applications such as stateful firewall. To bring statelessness to SDN-based environment, I come up with an innovative stateful monitoring scheme by extending existing OpenFlow specifications; (4) Existing honeynet architecture is suffering from its limited functionalities of ’data control’ and ’data capture’. To address this challenge, I design and implement an innovative next generation SDN-based honeynet architecture. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

23. Software Defined Applications in Cellular and Optical Networks
January 2017
abstract: Small wireless cells have the potential to overcome bottlenecks in wireless access through the sharing of spectrum resources. A novel access backhaul network architecture based on a Smart Gateway (Sm-GW) between the small cell base stations, e.g., LTE eNBs, and the conventional backhaul gateways, e.g., LTE Servicing/Packet Gateways (S/P-GWs) has been introduced to address the bottleneck. The Sm-GW flexibly schedules uplink transmissions for the eNBs. Based on software defined networking (SDN), a management mechanism that allows multiple operators to flexibly inter-operate via multiple Sm-GWs with a multitude of small cells has been proposed. This dissertation also comprehensively surveys the studies that examine the SDN paradigm in optical networks. Along with the PHY functional split improvements, the performance of Distributed Converged Cable Access Platform (DCCAP) in the cable architectures especially for the Remote-PHY and Remote-MACPHY nodes has been evaluated. In the PHY functional split, in addition to the re-use of infrastructure with a common FFT module for multiple technologies, a novel cross functional split interaction to cache the repetitive QAM symbols across time at the remote node to reduce the transmission rate requirement of the fronthaul link has been proposed. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2017

24. Software-Defined Computational Offloading for Mobile Edge Computing
Krishna, Nitesh 03 May 2018
Computational offloading advances the deployment of Mobile Edge Computing (MEC) in the next generation communication networks. However, the distributed nature of the mobile users and the complex applications make it challenging to schedule the tasks reasonably among multiple devices. Therefore, by leveraging the idea of Software-Defined Networking (SDN) and Service Composition (SC), we propose a Software-Defined Service Composition model (SDSC). In this model, the SDSC controller is deployed at the edge of the network and composes service in a centralized manner to reduce the latency of the task execution and the traffic on the access links by satisfying the user-specific requirement. We formulate the low latency service composition as a Constraint Satisfaction Problem (CSP) to make it a user-centric approach. With the advent of the SDN, the global view and the control of the entire network are made available to the network controller which is further leveraged by our SDSC approach.
Furthermore, the service discovery and the offloading of tasks are designed for MEC environment so that the users can have a complex and robust system. Moreover, this approach performs the task execution in a distributed manner. We also define the QoS model which provides the composition rule that forms the best possible service composition at the time of need.
Moreover, we have extended our SDSC model to involve the constant mobility of the mobile devices. To solve the mobility issue, we propose a mobility model and a mobility-aware QoS approach enabled in the SDSC model. The experimental simulation results demonstrate that our approach can obtain better performance than the energy saving greedy algorithm and the random offloading approach in a mobile environment.

25. Vyvažování zátěže v sítích OpenFlow / Load Balancing in OpenFlow Networks
Marciniak, Petr January 2013
The aim of this thesis is to develop a load balancing tool for OpenFlow networks. Software-defined networking (SDN) principles are introduced (OpenFlow protocol used as an example) and compared to the legacy routing and switching technology. OpenFlow is the first protocol/API enabling communication between the control and infrastructure planes of the software-defined networking model. Key features of the protocol are described and several OpenFlow controllers are introduced. Current best practices in computer networks load balancing are discussed as well. The load balancing application development process is described including the test laboratory setups - Mininet (SW) and OFELIA (HW). The application test results are evaluated and possible further enhancements to the program are discussed.

26. PRACTICAL CLOUD COMPUTING INFRASTRUCTURE
James A Lembke (10276463) 12 March 2021
Cloud and parallel computing are fundamental components in the processing of large data sets. Deployments of distributed computers require network infrastructure that is fast, efficient, and secure. Software Defined Networking (SDN) separates the forwarding of network data by switches (data plane) from the setting and managing of network policies (control plane). While this separation provides flexibility for setting network policies affecting the establishment of network flows in the data plane, it provides little to no fault tolerance for failures, either benign or caused by corrupted/malicious applications. Such failures can cause network flows to be incorrectly routed through the network or stop such flows altogether. Without protection against faults, cloud network providers using SDN run the risk of inefficient allocation of network resources or even data loss. Furthermore, the asynchronous nature of existing protocols for SDN does not provide a mechanism for consistency in network policy updates across multiple switches.
In addition, cloud and parallel applications require an efficient means for accessing local system data (input data sets, temporary storage locations, etc.). While in many cases it may be possible for a process to access this data by making calls directly to a file system (FS) kernel driver, this is not always possible (e.g. when using experimental distributed FSs where the needed libraries for accessing the FS only exist in user space).
This dissertation provides a design for fault tolerance of SDN and infrastructure for advancing the performance of user space FSs. It is divided into three main parts. The first part describes a fault tolerant, distributed SDN control plane framework. The second part expands upon the fault tolerant approach to SDN control plane by providing a practical means for dynamic control plane membership as well as providing a simple mechanism for controller authentication through threshold signatures. The third part describes an efficient framework for user space FS access.
This research makes three contributions. First, the design, specification, implementation, and evaluation of a method for fault tolerant SDN control plane that is inter-operable with existing control plane applications involving minimal instrumentation of the data plane runtime. Second, the design, specification, implementation and evaluation of a mechanism for dynamic SDN control plane membership that all ensure consistency of network policy updates and minimizes switch overhead through the use of distributed key generation and threshold signatures. Third, the design, specification, implementation, and evaluation of a user space FS access framework that is correct to the Portable Operating System Interface (POSIX) specification with significantly better performance over existing user space access methods, while requiring no implementation changes for application programmers.

27. Performance and Reliability in Open Router Platforms for Software-Defined Networking
Tanyingyong, Voravit January 2014
The unprecedented growth of the Internet has brought about such an enormous impact on our daily life that it is regarded as indispensable in the modern era. At the same time, the underlying Internet architecture is still underpinned by principles designed several decades ago. Although IP networking has been proven very successful, it has been considered as the cause of network ossification, creating barriers to entry for new network innovations. To support new demands and requirements of the current and the future Internet, solutions for new and improved Internet architectures should be sought. Software-defined networking (SDN), a new modularized network architecture that separates the control plane from the data plane, has emerged as a promising candidate for the future Internet. SDN can be described as flow-based networking, which provides finer granularity while maintaining backward compatibility with traditional IP networking. In this work, our goal is to investigate how to incorporate flow-based networking into open router platforms in an SDN context. We investigate performance and reliability aspects related to SDN data plane operation in software on open source PC-based routers. Our research methodology is based on design, implementation, and experimental evaluation. The experimental platform consists of PC-based routers running open source software in combination with commodity-off-the-shelf (COTS) hardware components. When it comes to performance aspects, we demonstrate that by offloading the lookup from a CPU to a network interface card, the overall performance is improved significantly. For enhanced reliability, we investigate bidirectional forwarding detection (BFD) as a component to realize redundancy with fast failover. We demonstrate that BFD becomes unreliable under high traffic load and propose a solution to this problem by allocating dedicated system resources for BFD control messages. In line with this solution, we extend our architecture for next-generation PC-based routers with OpenFlow support by devising a strategy to efficiently map packet forwarding and application processing tasks onto the multi-core architecture on the PC-based router. This extension would make it possible to integrate BFD effectively into the router platform. Our work demonstrates the potential of open router platforms for SDN. Our prototypes offer not only high performance with good reliability but also flexibility to adopt new software extensions. Such platforms will play a vital role in advancing towards the future Internet. / QC 20140416

28. Cyber Attacks Against SDN Controllers And Protecting The Control Plane With A Formally Verified Microkernel / Cyberattacker Mot SDN Kontroller Och Att Skydda Kontrollplanet Med En Formellt Verifierad Mikrokärna
Holmberg, Olof January 2021
Software-Defined Networking (SDN) is a technology that is increasing in popularity. However, with increased prevalence comes increased opportunity to exploit vulnerabilities that exist within the technology. In this thesis, several attack vectors that can be used to attack SDN controllers were identified through a literature review. Among these vectors there is one that is concerned with the vulnerabilities present on the host of the SDN controller. One promising method that could be used to mitigate this attack vector is to deploy the SDN controller on a microkernel. The microkernel chosen in this thesis is the formally verified microkernel seL4®. This thesis investigates the possible ways of deploying an SDN controller on seL4. A deployment of an SDN controller is also performed in this thesis in order to assess the difficulties and possible performance tradeoffs present in adapting an SDN controller for seL4. The deployment of the SDN controller uses seL4’s virtualization capabilities and leaves the majority of the controller running in a virtual machine on seL4. A small part of the controller is moved to a separate and isolated component in order to showcase how the isolation capabilities of seL4 can be utilized. The performances of the unmodified and the modified controller are then compared. A significant increase in execution time when communicating between the VM and the separate component was discovered. However, such increases may also be attributed to dynamic binary translation used when simulating seL4 using QEMU. Thus, properly quantifying these overheads would require a different setup, either without simulation or with hardware-assisted virtualization.

29. Provisioning end-to-end quality of service for real-time interactive video over software-defined networking
Owens II, Harold 09 November 2016
Indiana University-Purdue University Indianapolis (IUPUI) / This thesis contains four interrelated research areas. Before presenting the four research areas, this thesis presents a literature review on Software-Defined Networking (SDN), a network architecture that allows network operators to manage the network using high level abstractions. This thesis presents a taxonomy for classifying SDN research.
In the first research area, this thesis presents Video over Software-Defined Networking (VSDN), a network architecture that selects feasible paths using the network-wide view. This thesis describes the VSDN protocol which is used for requesting service from the network. This thesis presents the results of implementing a VSDN prototype and evaluates the behavior of VSDN. Requesting service from the network requires the developer to provide three input parameters to the application programmable interface. The message complexity of VSDN is linear.
In the second research area, this thesis presents Explicit Routing in Software-Defined Networking (ERSDN), a routing scheme that selects transit routers at the edge of the network. This thesis presents the design and implementation of ERSDN. This thesis evaluates the effect of ERSDN on the scalability of the controller by measuring the control plane network events-packets. ERSDN reduces the network events in the control plane by 430%.
In the third research area, this thesis presents Reliable Video over Software-Defined Networking (RVSDN), which builds upon previous work of Video over Software-Defined Networking (VSDN) to address the issue of finding the most reliable path. This thesis presents the design and implementation of RVSDN. This thesis presents the experience of integrating RVSDN into ns-3, a network simulator which the research community uses to simulate and model computer networks. This thesis presents RVSDN results and analyzes the results. RVSDN services 31 times more requests than VSDN and Multiprotocol Label Switching (MPLS) explicit routing when the reliability constraint is 0.995 or greater.
In the fourth research area, this thesis presents Multi-Domain Video over Software-Defined Networking (MDVSDN), a network architecture that selects end-to-end network path or path for real-time interactive video applications across independent network domains. This thesis describes the architectural elements of MDVSDN. This thesis presents the results of implementing a prototype of MDVSDN and evaluates the behavior of MDVSDN. The message complexity of MDVSDN is linear.
The contribution of this thesis lays the foundation for developing a network architecture that improves the performance of real-time interactive video applications by selecting feasible end-to-end multi-domain path among multiple paths using bandwidth, delay, jitter, and reliability.

30. Network AIS-based DDoS attack detection in SDN environments with NS-3
Jevtic, Stefan G. 21 July 2017
Indiana University-Purdue University Indianapolis (IUPUI) / With the ever increasing connectivity of and dependency on modern computing systems, our civilization is becoming ever more susceptible to cyberattack. To combat this, identifying and disrupting malicious traffic without human intervention becomes essential to protecting our most important systems. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress.