Isolating Malicious Controller(s) In Distributed Software-Defined Networks with Centralized Reputation Management

Abstract

Although software-defined networks have seen a sharp increase in their deployment around the world, with big tech companies including Microsoft and Google, to name a few, tapping into the enormous potential that these networks offer, there are still various security loopholes that need to be plugged. One such security-related issues is that of a rogue controller bringing down an entire network. As we shall see in this paper, this problem is still short of any definitive solutions, especially when it comes to distributed software-defined networks. We attempt to resolve this issue by developing a centrally managed trust and reputation scheme. By proactively comparing the policies/flow rules that need to be installed in the switches with those that are actually installed, our scheme singles out a malicious controller. We have evaluated the scheme for scalability, message overhead, and for bad-mouthing attacks. Our results suggest that using trust and reputation system can greatly enhance the network security in this scenario as demonstrated by rigorous evaluations in Emulab network emulation testbed.