SDN based Scalable MTD solution in Cloud Network

Ankur Chowdhary, Sandeep Pisharody, Dijiang Huang
{"title":"SDN based Scalable MTD solution in Cloud Network","authors":"Ankur Chowdhary, Sandeep Pisharody, Dijiang Huang","doi":"10.1145/2995272.2995274","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) has emerged as a framework for centralized command and control in cloud data centric environments. SDN separates data and control plane, which provides network administrator better visibility and policy enforcement capability compared to traditional networks. The SDN controller can assess reachability information of all the hosts in a network. There are many critical assets in a network which can be compromised by a malicious attacker through a multistage attack. Thus we make use of centralized controller to assess the security state of the entire network and pro-actively perform attack analysis and countermeasure selection. This approach is also known as Moving Target Defense (MTD). We use the SDN controller to assess the attack scenarios through scalable Attack Graphs (AG) and select necessary countermeasures to perform network reconfiguration to counter network attacks. Moreover, our framework has a comprehensive conflict detection and resolution module that ensures that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free policy implementation and preventing information leakage.","PeriodicalId":20539,"journal":{"name":"Proceedings of the 2016 ACM Workshop on Moving Target Defense","volume":"307 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"53","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM Workshop on Moving Target Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2995272.2995274","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 53

Abstract

Software-Defined Networking (SDN) has emerged as a framework for centralized command and control in cloud data centric environments. SDN separates data and control plane, which provides network administrator better visibility and policy enforcement capability compared to traditional networks. The SDN controller can assess reachability information of all the hosts in a network. There are many critical assets in a network which can be compromised by a malicious attacker through a multistage attack. Thus we make use of centralized controller to assess the security state of the entire network and pro-actively perform attack analysis and countermeasure selection. This approach is also known as Moving Target Defense (MTD). We use the SDN controller to assess the attack scenarios through scalable Attack Graphs (AG) and select necessary countermeasures to perform network reconfiguration to counter network attacks. Moreover, our framework has a comprehensive conflict detection and resolution module that ensures that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free policy implementation and preventing information leakage.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
云网络中基于SDN的可扩展MTD解决方案
软件定义网络(SDN)已成为云数据中心环境中集中命令和控制的框架。SDN将数据平面和控制平面分离,为网络管理员提供了比传统网络更好的可视性和策略实施能力。SDN控制器可以评估网络中所有主机的可达性信息。网络中有许多关键资产可以通过多阶段攻击被恶意攻击者破坏。从而利用集中控制器对整个网络的安全状态进行评估,并主动进行攻击分析和对策选择。这种方法也被称为移动目标防御(MTD)。我们使用SDN控制器通过可扩展攻击图(AG)来评估攻击场景,并选择必要的对策来执行网络重构以对抗网络攻击。此外,我们的框架具有全面的冲突检测和解决模块,确保在基于sdn的分布式云环境中没有两个流规则在任何层发生冲突;从而确保一致的无冲突策略实现并防止信息泄漏。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Moving Target Defense: a Journey from Idea to Product Session details: Keynote Talk Automated Effectiveness Evaluation of Moving Target Defenses: Metrics for Missions and Attacks Markov Modeling of Moving Target Defense Games Session details: Invited Industry Talk
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1