SecControl: Bridging the gap between security tools and SDN controllers

Li Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings
EditorsAli Ghorbani, Kui Ren, Sencun Zhu, Aiqing Zhang, Xiaodong Lin
PublisherSpringer Verlag
Pages11-31
Number of pages21
ISBN (Print)9783319788159
DOIs
StatePublished - Jan 1 2018
Event13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada
Duration: Oct 22 2017Oct 25 2017

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume239
ISSN (Print)1867-8211

Other

Other13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
CountryCanada
City[state] ON
Period10/22/1710/25/17

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Cite this

Wang, L., & Wu, D. (2018). SecControl: Bridging the gap between security tools and SDN controllers. In A. Ghorbani, K. Ren, S. Zhu, A. Zhang, & X. Lin (Eds.), Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings (pp. 11-31). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 239). Springer Verlag. https://doi.org/10.1007/978-3-319-78816-6_2