Detail výsledku

High Level Policies in SDN

POLČÁK, L.; CALDAROLA, L.; CUDA, D.; DONDERO, M.; FICARA, D.; FRANKOVÁ, B.; HOLKOVIČ, M.; CHOUKIR, A.; MUCCIFORA, R.; TRIFILO, A. High Level Policies in SDN. In Communications in Computer and Information Science. Communications in Computer and Information Science. Berlin: Springer International Publishing, 2016. no. 1, p. 39-57. ISBN: 978-3-319-30221-8. ISSN: 1865-0929.
Typ
článek ve sborníku konference
Jazyk
anglicky
Autoři
Polčák Libor, Ing., Ph.D., UIFS (FIT)
Caldarola Leo, FIT (FIT)
Cuda Davide, FIT (FIT)
Dondero Marco, FIT (FIT)
Ficara Domenico, FIT (FIT)
Franková Barbora, Ing., UIFS (FIT), UPSY (FIT)
Holkovič Martin, Ing., Ph.D., UIFS (FIT)
Choukir Amine, FIT (FIT)
Muccifora Roberto, FIT (FIT)
Trifilo Antonio, FIT (FIT)
Abstrakt

Policies for network traffic handling define packet routes through networks, enforce required quality of service, and protect networks from security threats. When expressing a policy, one needs to characterise the traffic to which the policy applies by traffic identifiers. Low level traffic identifiers, such as IP addresses and port numbers, are available in each packet. Indeed, low level traffic identifiers are perfect for data plane routing and switching. However, high level traffic identifiers, such as user name and application name, are better for the readability and clarity of a policy. In this paper, we extend software defined networks with high level traffic identifiers. We propose to add additional interface to SDN controllers for collecting traffic meta data and high level traffic identifiers. The controller maintains a database that maps high level traffic identifiers to a set of flows defined by low level traffic identifiers. SDN applications can apply policies based on both high level and low level traffic identifiers. We leave the southbound protocols intact. This paper provides two examples of High Level SDN paradigms - Application-Aware Networks and Identity-Aware Networks. The first paradigm enables policies depending on application names and characteristics. The latter allows policies based on user names and their roles.

Klíčová slova

Application-aware network; Data planes; High level policies; IP addresss; Network traffic; Packet routes; Port numbers; Security threats

URL
Rok
2016
Strany
39–57
Časopis
Communications in Computer and Information Science, roč. 585, č. 1, ISSN 1865-0929
Sborník
Communications in Computer and Information Science
Konference
6th International Conference on Data Communication Networking
ISBN
978-3-319-30221-8
Vydavatel
Springer International Publishing
Místo
Berlin
DOI
10.1007/978-3-319-30222-5_2
UT WoS
000378740100002
EID Scopus
2-s2.0-84960441365
BibTeX 
@inproceedings{BUT130913,
  author="Libor {Polčák} and Leo {Caldarola} and Davide {Cuda} and Marco {Dondero} and Domenico {Ficara} and Barbora {Franková} and Martin {Holkovič} and Amine {Choukir} and Roberto {Muccifora} and Antonio {Trifilo}",
  title="High Level Policies in SDN",
  booktitle="Communications in Computer and Information Science",
  year="2016",
  journal="Communications in Computer and Information Science",
  volume="585",
  number="1",
  pages="39--57",
  publisher="Springer International Publishing",
  address="Berlin",
  doi="10.1007/978-3-319-30222-5\{_}2",
  isbn="978-3-319-30221-8",
  issn="1865-0929",
  url="http://link.springer.com/chapter/10.1007%2F978-3-319-30222-5_2"
}
Projekty
Moderní prostředky pro boj s kybernetickou kriminalitou na Internetu nové generace, MV, Program bezpečnostního výzkumu České republiky 2010 - 2015, VG20102015022, zahájení: 2010-10-01, ukončení: 2015-09-30, ukončen
Výzkum pokročilých metod ICT a jejich aplikace, VUT, Vnitřní projekty VUT, FIT-S-14-2299, zahájení: 2014-01-01, ukončení: 2016-12-31, ukončen
Výzkumné skupiny
NES@FIT - Výzkumná skupina počítačové sítě (VZ NES@FIT)
Pracoviště
Ústav informačních systémů (UIFS)
Nahoru