SecControl

Bridging the gap between security tools and SDN controllers

Li Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.

Original language: English (US)
Title of host publication: Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings
Editors: Ali Ghorbani, Kui Ren, Sencun Zhu, Aiqing Zhang, Xiaodong Lin
Publisher: Springer Verlag
Pages: 11-31
Number of pages: 21
ISBN (Print): 9783319788159
DOIs: https://doi.org/10.1007/978-3-319-78816-6_2
State: Published - Jan 1 2018
Event: 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada
Duration: Oct 22 2017 → Oct 25 2017

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 239
ISSN (Print): 1867-8211

Other

Other: 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
Country: Canada
City: [state] ON
Period: 10/22/17 → 10/25/17

Fingerprint

Controllers
Network security
Software defined networking
Experiments

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Cite this

Wang, L., & Wu, D. (2018). SecControl: Bridging the gap between security tools and SDN controllers. In A. Ghorbani, K. Ren, S. Zhu, A. Zhang, & X. Lin (Eds.), Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings (pp. 11-31). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 239). Springer Verlag. https://doi.org/10.1007/978-3-319-78816-6_2
Wang, Li ; Wu, Dinghao. / SecControl : Bridging the gap between security tools and SDN controllers. Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings. editor / Ali Ghorbani ; Kui Ren ; Sencun Zhu ; Aiqing Zhang ; Xiaodong Lin. Springer Verlag, 2018. pp. 11-31 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).
@inproceedings{b357015efaf2415f8db757433a23ed24,
title = "SecControl: Bridging the gap between security tools and SDN controllers",
abstract = "Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.",
author = "Li Wang and Dinghao Wu",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-78816-6_2",
language = "English (US)",
isbn = "9783319788159",
series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",
publisher = "Springer Verlag",
pages = "11--31",
editor = "Ali Ghorbani and Kui Ren and Sencun Zhu and Aiqing Zhang and Xiaodong Lin",
booktitle = "Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings",
address = "Germany",
}

Wang, L & Wu, D 2018, SecControl: Bridging the gap between security tools and SDN controllers. in A Ghorbani, K Ren, S Zhu, A Zhang & X Lin (eds), Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 239, Springer Verlag, pp. 11-31, 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017, [state] ON, Canada, 10/22/17. https://doi.org/10.1007/978-3-319-78816-6_2

SecControl : Bridging the gap between security tools and SDN controllers. / Wang, Li; Wu, Dinghao.

Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings. ed. / Ali Ghorbani; Kui Ren; Sencun Zhu; Aiqing Zhang; Xiaodong Lin. Springer Verlag, 2018. p. 11-31 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 239).

TY - GEN
T1 - SecControl
T2 - Bridging the gap between security tools and SDN controllers
AU - Wang, Li
AU - Wu, Dinghao
PY - 2018/1/1
Y1 - 2018/1/1
N2 - Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.

UR - http://www.scopus.com/inward/record.url?scp=85046543509&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85046543509&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-78816-6_2
DO - 10.1007/978-3-319-78816-6_2
M3 - Conference contribution
SN - 9783319788159
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 11
EP - 31
BT - Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings
A2 - Ghorbani, Ali
A2 - Ren, Kui
A2 - Zhu, Sencun
A2 - Zhang, Aiqing
A2 - Lin, Xiaodong
PB - Springer Verlag
ER -

Wang L, Wu D. SecControl: Bridging the gap between security tools and SDN controllers. In Ghorbani A, Ren K, Zhu S, Zhang A, Lin X, editors, Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings. Springer Verlag. 2018. p. 11-31. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). https://doi.org/10.1007/978-3-319-78816-6_2