OAuthkeeper: An Authorization Framework for Software Defined Network

Journal of Network and Systems Management

Abstract

Implementing a REST API for SDN is quite challenging compared to conventional web services. First, the state transfers in SDN are more complex among network devices, controllers, and applications. Second, SDN provides more granular resources in both the controller and the network device itself. These challenges require SDN to have a proper REST API security definition, which is currently not available in most SDN controllers. In this paper, we propose and implement a REST API security module for an SDN controller based on OAuth 2.0. We answer the SDN REST API security challenges by presenting novel access control parameters to cope with the granular resources introduced by SDN. Our prototype maintains the best trade-off between performance and safety, generating a maximum of 15% overhead during our benchmark. It also offers customizable and flexible access control for the network in various use cases.

Acknowledgements

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF), funded by the Ministry of Education, Science and Technology (Grant Number: NRF-2014R1A1A2060021).

Author information

Corresponding author

Correspondence to Sang-Gon Lee.

Cite this article

Oktian, Y.E., Lee, SG. & Lam, J. OAuthkeeper: An Authorization Framework for Software Defined Network. J Netw Syst Manage 26, 147–168 (2018). https://doi.org/10.1007/s10922-017-9411-6

  • DOI: https://doi.org/10.1007/s10922-017-9411-6