Detection of Incongruent Firewall Rules and Flow Rules in SDN

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 517)

Abstract

Networking is the backbone that supports the vast area of Information Technology. SDN is the new road that takes conventional networking to greater heights, and it is going to aid all future innovations and developments in the field of networking. SDN stands for Software Defined Networking; it separates the network into two planes, namely the data plane and the control plane. The data plane is the abstraction of the entire hardware side of the network, and the control plane is the central unit that acts like a brain controlling the entire network. This dual architecture thus helps to maintain a network that is centralized, highly scalable, flexible, etc. The programmability of the network opens up scope for greater innovations and developments. SDN can gracefully accommodate technology shifts. At the same time, SDN poses certain security issues that need to be addressed. Because SDN is a widely flourishing and developing networking method, these security issues need to be tackled. In this paper we try to address the security issue of rewriting flow entries in switches. We propose an algorithm for detecting incongruence between firewall rules and flow rules, and thus we overcome the threat caused by modification of flow entries. The proposed system is for OpenFlow-based firewalls. The system is intended to boost the security capabilities of SDN, thereby minimizing some of the security challenges in SDN.



Author information


Corresponding author

Correspondence to Nandita Pallavi.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Pallavi, N., Anisha, A.S., Leena, V. (2017). Detection of Incongruent Firewall Rules and Flow Rules in SDN. In: Dash, S., Vijayakumar, K., Panigrahi, B., Das, S. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 517. Springer, Singapore. https://doi.org/10.1007/978-981-10-3174-8_2

  • DOI: https://doi.org/10.1007/978-981-10-3174-8_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3173-1

  • Online ISBN: 978-981-10-3174-8

  • eBook Packages: Engineering, Engineering (R0)
