SDN-based Trusted Path in a Multi-domain Network
01 January 2016
The flexibility and dynamicity of new SDN/NFV-based network infrastructures raise serious issues for sensitive data, which can easily be transferred between different locations and thereby violate constraints such as country-based regulations. This paper tackles a critical issue: the path followed by sensitive data transferred in such virtualized networks when that data has specific security and sovereignty constraints (e.g., avoid untrusted domains or nodes). We therefore propose a new approach that aims to automatically configure, in a multi-domain SDN network, a trusted path satisfying the required constraints. The approach relies on a Multi-Domain Trusted Path Application (MD-TPA) based on OpenFlow and deployed on the SDN controller of each domain. It has been implemented within SDN controllers and tested on a testbed composed of physical OpenFlow-enabled switches. We then show how such an end-to-end trusted path, compliant with the constraints, can be enforced in a multi-domain SDN network.