Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance

  • Uday Tupakula
  • Vijay Varadharajan
  • Kallol Karmakar
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)


In this work, we propose Software Defined Networking (SDN) based access control techniques for preventing unauthorised access to traffic flows in secure networks. We have developed an Access Control Application (ACA) for the SDN Controller that differentiates flow requests from users/devices classified at different security levels and configures the routes with physical or virtual separation between the flows. This separation of flows makes it difficult for malicious users with lower security clearance to access the flows that belong to users with higher security clearance. Hence, our work significantly reduces the attack surface in secure environments. We also discuss the prototype implementation of our model and some performance characteristics.


Keywords: Software defined networks · Services security · Access control · Flow security
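As an added illustration (not the paper's code), the following Python model sketches how a controller application in the spirit of the ACA might turn a flow request into per-switch rules: it computes a path using only the links admitted for the requesting device's clearance (physical separation) and VLAN-tags the flow per level where a link is shared by several clearance levels (virtual separation). The topology, clearance labels and VLAN numbers are constructed assumptions for the example.

```python
# Added illustrative model of an SDN Access Control Application (ACA), not the
# paper's code; topology, clearance levels and VLAN tags are constructed.
from collections import deque

# Each inter-switch link lists the clearance levels it may carry.  A link with a
# single level is dedicated (physical separation); a shared link gets a VLAN tag.
LINKS = {
    ("s1", "s2"): {"secret"},
    ("s2", "s4"): {"secret"},
    ("s1", "s3"): {"unclassified", "confidential"},
    ("s3", "s4"): {"unclassified", "confidential"},
    ("s3", "s5"): {"unclassified"},
}
VLAN_FOR_LEVEL = {"unclassified": 10, "confidential": 20, "secret": 30}

def neighbours(switch, level):
    """Switches adjacent to `switch` over links admitted for `level`."""
    for (a, b), levels in LINKS.items():
        if level in levels and switch in (a, b):
            yield b if a == switch else a

def find_path(src, dst, level):
    """Shortest switch path using only links admitted for `level` (BFS)."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in neighbours(cur, level):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None  # no authorised path exists

def configure_route(src_sw, dst_sw, device_clearance):
    """Per-hop rules for a flow request, or None when the ACA must deny it."""
    path = find_path(src_sw, dst_sw, device_clearance)
    if path is None:
        return None
    rules = []
    for hop, nxt in zip(path, path[1:]):
        link_levels = LINKS.get((hop, nxt)) or LINKS[(nxt, hop)]
        # tag the flow only where the link is shared across clearance levels
        vlan = VLAN_FOR_LEVEL[device_clearance] if len(link_levels) > 1 else None
        rules.append({"switch": hop, "next_hop": nxt, "vlan": vlan})
    return rules
```

A secret-cleared device reaching s4 is routed over the dedicated s1-s2-s4 links with no tag, while a lower-clearance device to the same destination is confined to the shared s1-s3-s4 links under its own VLAN; a request for which no admitted path exists is denied outright.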



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Uday Tupakula (1)
  • Vijay Varadharajan (1)
  • Kallol Karmakar (1)
  1. Advanced Cyber Security Engineering Research Centre, The University of Newcastle, Newcastle, Australia
