FORTRESS: An Efficient and Distributed Firewall for Stateful Data Plane SDN
نویسندگان
چکیده
منابع مشابه
SFA: Stateful Forwarding Abstraction in SDN Data Plane
Software Defined Networking (SDN) is a new network architecture where network control is decoupled from forwarding and is directly programmable. However, existing techniques provide limited support for stateful forwarding in SDN data plane. Relying on the controller for all state maintaining gives rise to scalability and performance issues. In this paper, we present Stateful Forwarding Abstract...
متن کاملFast failure detection and recovery in SDN with stateful data plane
When dealing with node or link failures in SoftwareDefined Networking (SDN), the network capability to establish an alternative path depends on controller reachability and on the round-trip times (RTTs) between controller and involved switches. Moreover, current SDN data plane abstractions for failure detection, such as OpenFlow “Fast-failover”, do not allow programmers to tweak switches’ detec...
متن کاملHandling Stateful Firewall Anomalies
A security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first g...
متن کاملRenaissance: Self-Stabilizing Distributed SDN Control Plane
By introducing programmability, automated verification, and innovative debugging tools, Software-Defined Networks (SDNs) are poised to meet the increasingly stringent dependability requirements of today’s communication networks. However, the design of fault-tolerant SDNs remains an open challenge. This paper considers the design of dependable SDNs through the lenses of self-stabilization— a ver...
متن کاملManagement of stateful firewall misconfiguration
Firewall configurations are evolving into dynamic policies that depend on protocol states. As a result, stateful configurations tend to be much more error prone. Some errors occur on configurations that only contain stateful rules. Others may affect those holding both stateful and stateless rules. Such situations lead to configurations in which actions on certain packets are conducted by the fi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Security and Communication Networks
سال: 2019
ISSN: 1939-0114,1939-0122
DOI: 10.1155/2019/6874592