Collaborating with the enemy on network management

Chris Hall, Dongting Yu, Zhi li Zhang, Jonathan Stout, Andrew Odlyzko, Andrew W. Moore, Jean Camp, Kevin Benton, Ross Anderson

Research output: Chapter in Book/Report/Conference proceedingChapter

6 Scopus citations

Abstract

Software Defined Networking (SDN) deconstructs the current routing infrastructure into a small number of controllers, which are general purpose computers, and a large number of switches which are programmable forwarding engines. It is already deployed in data centres, where it offers considerable advantages of both cost and flexibility over a switching fabric of traditional routers. Such applications have a single controlling organisation and issues of trust between subdomains do not really arise. However for SDN to fulfil its potential, it is necessary to design and develop mechanisms for smart networks with mutually mistrustful principals. In an earlier paper, we used as an example an airport where we might have 100,000 staff working for 3,000 different firms which include not just competitors but also organisations in a state of conflict (for example, El Al and Iran Air). That paper discussed using hierarchical control structures to delegate trust with mechanisms focussed on preventing denialof- service attacks, with the assumption that confidentiality and integrity would be provided by the principals at higher layers. But this turns out to be a quagmire. Can you run your app and your enemy’s app on the same controllers of the same fabric, and get a passable separation of behaviour on private networks that run over the same switches? And can all this be done without a trusted root anywhere? This paper reports a project to build a test environment that adapts Quagga so that a software defined network can be automatically configured using information learned from BGP. Our Quagga for SDN Module, “QuaSM”, is designed to support the use of SDN in three further use cases: in a network exchange point, in an organisation seeking to join up two or more SDN islands using an existing BGP fabric; and in security research on virtual networking.

Original languageEnglish (US)
Title of host publicationSecurity Protocols XXII - 22nd International Workshop, Revised Selected Papers
EditorsFrank Stajano, Vashek Matyáš, Petr Švenda, Jonathan Anderson, Bruce Christianson, James Malcolm
PublisherSpringer Verlag
Pages154-162
Number of pages9
ISBN (Electronic)9783319123998
DOIs
StatePublished - 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8809
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland.

Fingerprint

Dive into the research topics of 'Collaborating with the enemy on network management'. Together they form a unique fingerprint.

Cite this