Software defined networking flow admission and routing under minimal security constraints

TL;DR

This paper introduces FARSec, a polynomial-time algorithm for secure flow admission and routing in SDN that ensures flows use links meeting their security requirements, rejecting flows if necessary.

Contribution

It presents a novel approach for security-aware flow routing in SDN, including a proof of polynomial complexity and practical implementation with OpenFlow and ONOS.

Findings

FARSec efficiently finds secure paths or rejects flows when necessary.

Experimental validation confirms the approach's correctness and efficiency.

Implementation demonstrates practical applicability in emulated SDN environments.

Abstract

In recent years, computer networks and telecommunications in general have been shifting paradigms to adopt software-centric approaches. Software Defined Networking (SDN) is one of such paradigms that centralizes control and intelligent applications can be defined on top of this architecture. The latter enables the definition of the network behavior by means of software. In this work, we propose an approach for Flow Admission and Routing under Minimal Security Constraints (FARSec) in Software Defined Networks, where network flows must use links which are at least as secure as their required security level. We prove that FARSec can find feasible paths that respect the minimum level of security for each flow. If the latter is not possible FARSec rejects the flow in order not to compromise its security. We show that the computational complexity of the proposed approach is polynomial. Experimental results with semi-random generated graphs confirm the efficiency and correctness of the proposed approach. Finally, we implement the proposed solution using OpenFlow and ONOS -- an SDN open-source controller. We validate its functionality using an emulated network with various security levels.