We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: B-DAC: A Decentralized Access Control Framework on Northbound Interface for Securing SDN Using Blockchain

Abstract: Software-Defined Network (SDN) is a new arising terminology of network architecture with outstanding features of orchestration by decoupling the control plane and the data plane in each network element. Even though it brings several benefits, SDN is vulnerable to a diversity of attacks. Abusing the single point of failure in the SDN controller component, hackers can shut down all network operations. More specifics, a malicious OpenFlow application can access to SDN controller to carry out harmful actions without any limitation owing to the lack of the access control mechanism as a standard in the Northbound. The sensitive information about the whole network such as network topology, flow information, and statistics can be gathered and leaked out. Even worse, the entire network can be taken over by the compromised controller. Hence, it is vital to build a scheme of access control for SDN's Northbound. Furthermore, it must also protect the data integrity and availability during data exchange between application and controller. To address such limitations, we introduce B-DAC, a blockchain-based framework for decentralized authentication and fine-grained access control for the Northbound interface to assist administrators in managing and protecting critical resources. With strict policy enforcement, B-DAC can perform decentralized access control for each request to keep network applications under surveillance for preventing over-privileged activities or security policy conflicts. To demonstrate the feasibility of our approach, we also implement a prototype of this framework to evaluate the security impact, effectiveness, and performance through typical use cases.
Comments: 23 pages, 14 figures, 14 tables
Subjects: Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI)
Journal reference: Journal of Information Security and Applications, 2022
DOI: 10.1016/j.jisa.2021.103080
Report number: Volume 64, February 2022
Cite as: arXiv:2111.00707 [cs.CR]
  (or arXiv:2111.00707v1 [cs.CR] for this version)

Submission history

From: Duy Phan Mr [view email]
[v1] Mon, 1 Nov 2021 04:59:19 GMT (4559kb,D)

Link back to: arXiv, form interface, contact.