Trust Support for SDN Controllers and Virtualized Network Applications
04 June 2015
The SDN paradigm allows networks to be dynamically reconfigured by network applications. Combined with cloud computing, SDN therefore makes it easy to define new software-based network architectures. SDN is also of particular interest for NFV (Network Function Virtualization), which deals with the virtualization of network functions such as IMS, switching and routing, or radio access control. The network programmability offered by SDN thus presents various advantages, but it also introduces various threats of attacks on the network. For instance, there is a critical risk that an attacker takes over network control by exploiting this programmability (e.g., by using the SDN API or by tampering with a network application running on the SDN controller). This paper therefore proposes an approach to deal with this possible lack of trust in the SDN controller or in its applications. The approach consists in relying not on a single controller (which may concentrate too much power) but on several redundant controllers that may come from different providers and may also run in different execution environments. The network configuration requests coming from these different controllers are then compared and, if they are deemed sufficiently consistent and therefore trustworthy, they are actually sent to the network equipment. This approach has been implemented in an intermediary layer (based on a network hypervisor) inserted between the network equipment and the SDN controllers. Experiments have also been performed that show the feasibility of the approach and provide some evaluation of its impact on the network and the services.
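The comparison step in the intermediary layer can be illustrated with a small quorum check, shown here as an added example rather than the paper's own implementation. It assumes that each controller's configuration request is reduced to a simplified (match, action) `FlowRule`, that a request counts as "sufficiently consistent" when at least `quorum` distinct controllers submitted an equivalent one, and that the controller names and rules in `demo()` are constructed sample data; a controller whose request is not corroborated, or that withholds a rule the others agree on, is flagged for investigation instead of being silently ignored.

```python
"""Quorum-based comparison of flow requests from redundant SDN controllers.

Added illustration of the approach described above, not the paper's code.
Assumptions made here: a flow request is reduced to a (match, action)
FlowRule; the intermediary layer forwards a rule only when at least `quorum`
distinct controllers submitted an equivalent one; controller names and rules
in demo() are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class FlowRule:
    """Simplified flow-mod: match on (in_port, dst) and apply one action."""
    in_port: int
    dst: str
    action: str  # e.g. "output:2" or "drop"


@dataclass
class Decision:
    accepted: List[FlowRule]             # rules forwarded to the equipment
    rejected: Dict[FlowRule, List[str]]  # rule -> controllers that sent it
    suspects: Set[str]                   # controllers to investigate


def normalise(rule: FlowRule) -> FlowRule:
    """Canonical form so that cosmetic differences between providers
    (case, spacing) do not count as disagreement."""
    return FlowRule(rule.in_port, rule.dst.strip().lower(),
                    rule.action.strip().lower().replace(" ", ""))


def compare_requests(requests: Dict[str, Iterable[FlowRule]],
                     quorum: int) -> Decision:
    """Group equivalent rules across controllers and apply the quorum.

    A rule backed by >= quorum controllers is accepted; any other rule is
    rejected and its submitters flagged. A controller that did not submit an
    accepted rule is flagged too (it may have been silenced or tampered with).
    """
    if not 1 <= quorum <= len(requests):
        raise ValueError("quorum must be between 1 and the number of controllers")
    submitters: Dict[FlowRule, Set[str]] = {}
    for ctrl, rules in requests.items():
        for rule in rules:
            submitters.setdefault(normalise(rule), set()).add(ctrl)

    accepted: List[FlowRule] = []
    rejected: Dict[FlowRule, List[str]] = {}
    suspects: Set[str] = set()
    for rule, ctrls in submitters.items():
        if len(ctrls) >= quorum:
            accepted.append(rule)
            suspects.update(set(requests) - ctrls)  # withheld an agreed rule
        else:
            rejected[rule] = sorted(ctrls)
            suspects.update(ctrls)                  # uncorroborated request
    return Decision(accepted, rejected, suspects)


def demo() -> Decision:
    """Constructed scenario: three controllers, one of which diverges."""
    agreed = FlowRule(in_port=1, dst="10.0.0.2", action="output:2")
    requests = {
        "ctrl-a": [agreed],
        "ctrl-b": [FlowRule(1, "10.0.0.2", "Output: 2")],  # same rule, other formatting
        "ctrl-c": [FlowRule(1, "10.0.0.2", "output:3")],   # divergent action
    }
    return compare_requests(requests, quorum=2)


if __name__ == "__main__":
    d = demo()
    print("forwarded:", d.accepted)
    print("rejected :", d.rejected)
    print("suspects :", sorted(d.suspects))
```

With three controllers and a quorum of two, the rule submitted by `ctrl-a` and `ctrl-b` is forwarded, the divergent rule from `ctrl-c` is held back, and `ctrl-c` is reported as a suspect. The quorum value is the policy knob the abstract leaves open: a higher quorum trades availability (a single slow or crashed controller blocks changes) for a stronger guarantee against a single compromised controller or application.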