
A Trust Management Framework Of SDN Applications

Posted on: 2018-12-03; Degree: Master; Type: Thesis
Country: China; Candidate: S S Bian
GTID: 2348330518988066; Subject: Information security
Abstract/Summary:
With the rapid development of computer network technology, the traditional network architecture has become unable to meet practical application requirements. In particular, the whole network system has become bloated through patching to adapt to emerging network services such as cloud computing and network function virtualization. Rather than progressive improvement, a network architecture designed from a clean slate is expected. Software-defined networking (SDN) is such a new design, and it will promote the development of network technologies. SDN constructs a new network abstraction model that provides a complete set of generic APIs (Application Program Interfaces). The decoupling of the control layer and the data layer in SDN means they no longer depend on each other and can evolve independently. In addition, SDN is programmable, which enables users to set up, control and manage the network from the controller and speeds up network service deployment.

Alongside centralized control and network programmability, SDN also brings many security challenges. For example, the controller cannot judge whether an application is trusted, and detecting and eliminating conflicts among the flow rules issued by applications is a serious issue. To take full advantage of SDN, it is of great significance to discover and solve these issues. By analyzing the characteristics of SDN and its security issues, we found that a trust evaluation and management mechanism between the application and the controller is lacking. In addition, legitimate applications may also be subject to violations that result in incorrect flow rules. Multiple custom or third-party applications run on the controllers at the same time and may issue flow rules that compete with or cover each other.

To solve the above problems, we propose a trust evaluation and management framework for applications, which is composed of a network monitoring module and a trust evaluation module. The network monitoring module has a number of probes that monitor network parameters such as packet loss rate, time delay, and bandwidth during the execution of flow rules issued by the application. The network trust module is responsible for trust evaluation based on the parameters provided by the probes. We must, however, ensure that these network probes are themselves safe and trusted. In our scenario, the trust value of an application is obtained from two parts: the feedback of the controllers that communicate with this application, and the partial trust value calculated from the monitored network parameters. The priority of each application is determined by its trust value: the higher the trust value, the higher the priority of the flow rules issued by the application.

Furthermore, we have implemented our proposed framework and tested its performance. In the experiments, we first designed three different applications with diverse capabilities and then obtained their packet loss rate, time delay and bandwidth while the applications were running. Because a trust evaluation and management mechanism between applications and controllers is lacking, we set a unique and variable trust value for each application. Applications with a low trust value are denied access to the controller. Considering that applications may be tampered with while running, so that their trust value may vary over time, our design can update the trust value of applications in real time and detect a malicious application quickly. In our design, applications with higher trust have relatively higher priority, and in this way we solved the flow conflict issue in the controller. The simulation results show that our scheme controls flow rules more effectively and at a finer granularity than current schemes. Moreover, it can detect and eliminate flow rule conflicts more effectively and help the controller select and execute proper flow rules.
Keywords/Search Tags: SDN, Security Architecture, Trust Evaluation