On Network Operating System Security
Christian Röpke, Thorsten Holz
International Journal of Network Management (IJNM) - Special Issue on Software-Defined Networking and Network Function Virtualization for Flexible Network Management, 2016
The emerging concept of Software-Defined Networking (SDN) enables new opportunities particularly for building future networks. In such networks, a so called Network Operating System (NOS), which is also called as SDN controller, provides services to manage the underlying network infrastructure. Thus, it plays a major role in SDN. On top, so called SDN applications leverage NOS services and implement business needs in order to orchestrate the network. Thereby, such applications have access to all kinds of operations including critical ones which enable access to valuable resources of the NOS. In case of buggy and malicious SDN applications, we demonstrate that today's NOSs can be harmed significantly through fatal errors and the adverse use of critical operations. To tackle this problem, we propose a sandbox system which allows restricting not only SDN applications but also NOS components to access only a configurable set of critical operations. In particular, this enables operators to prevent the entire NOS from crashing in case a single SDN application or NOS component runs into a fatal error. Furthermore, operators can specify unwanted critical operations to which access can be denied, thus, preventing the potential misuse of critical operations. For our proposal, we provide two proof-of-concept implementations, one for the industry's leading open source NOS OpenDaylight and another one for the HP controller. As a result, we enable to harden a mandatory SDN component, i.e., the NOS, and achieve robustness as well as pro-active security against faulty and malicious SDN software.