A Security-Mode for Carrier-Grade SDN Controllers

Management approaches to modern networks are increasingly influenced by software-defined networks (SDNs), and this increased influence is reflected in the growth of commercially available innovative SDN-based switches, controllers and applications. To date, there have been a number of commercial and open-source SDN operating systems (NOS) introduced for various purposes, including distributed controller frameworks targeting large, carrier-grade networks such as the Open Network Operating System (ONOS) and OpenDayLight (ODL). These frameworks are distinguished by their (i) elastic cluster controller architecture, (ii) network virtualization support, and (iii) modular design. Given their flexible design, growing list of supported features, and collaborative community support, these are attractive hosting platforms for a wide range of third-party distributed network management applications. This paper identifies the common security requirements for policy enforcement in such distributed controller environments. We present the design of a network application permission-enforcement model and an integrated security subsystem (SM-ONOS) for managing distributed applications running on an ONOS controller. We discuss the underlying motivations of its security extensions and their implications for improving our understanding of how to securely manage large-scale SDNs. Our performance assessments demonstrate that the security-mode extension imposed reasonable overheads (ranging from 5 to 20% for 1-7 node clusters).