TY - GEN
T1 - Towards an accountable software-defined networking architecture
AU - Ujcich, Benjamin E.
AU - Miller, Andrew
AU - Bates, Adam
AU - Sanders, William H.
N1 - The authors would like to thank Jenny Applequist for her editorial assistance and members of the PERFORM Group at the University of Illinois for feedback. This material is based upon work supported by the Army Research Office under Award No. W911NF-13-1-0086 and by the National Science Foundation under Grant No. CNS-1657534.
PY - 2017/8/7
Y1 - 2017/8/7
N2 - Software-defined networking (SDN) overcomes many limitations of traditional networking architectures because of its programmable and flexible nature. Security applications, for instance, can dynamically reprogram a network to respond to ongoing threats in real time. However, the same flexibility also creates risk, since it can be used against the network. Current SDN architectures potentially allow adversaries to disrupt one or more SDN system components and to hide their actions in doing so. That makes assurance and reasoning about past network events more difficult, if not impossible. In this paper, we argue that an SDN architecture must incorporate various notions of accountability for achieving systemwide cyber resiliency goals. We analyze accountability based on a conceptual framework, and we identify how that analysis fits in with the SDN architecture's entities and processes. We further consider a case study in which accountability is necessary for SDN network applications, and we discuss the limits of current approaches.
UR - http://www.scopus.com/inward/record.url?scp=85043701887&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043701887&partnerID=8YFLogxK
U2 - 10.1109/NETSOFT.2017.8004206
DO - 10.1109/NETSOFT.2017.8004206
M3 - Conference contribution
AN - SCOPUS:85043701887
T3 - 2017 IEEE Conference on Network Softwarization: Softwarization Sustaining a Hyper-Connected World: en Route to 5G, NetSoft 2017
SP - 1
EP - 5
BT - 2017 IEEE Conference on Network Softwarization
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 IEEE Conference on Network Softwarization, NetSoft 2017
Y2 - 3 July 2017 through 7 July 2017
ER -