Role Based Access Control for Software Defined Networking: Formal Models and Implementation
The architecture of Software Defined Networking (SDN) provides flexibility in developing innovative networking applications for managing and analyzing the network from a centralized controller. Since these applications directly and dynamically access critical network resources, any privilege abuse by controller applications could lead to various attacks impacting the entire network domain. It is believed that SDN can, in time, prove to be one of the most impactful technologies to drive a variety of innovations in network technology. However, the security community has been relatively slow in embracing SDN. As a result, security concerns rank among the top issues slowing full adoption of this technology. When network applications submit an operation to manipulate network state or request state information, the controller should employ methods to identify unauthorized access requests submitted by applications. Access control is a natural solution for preventing unauthorized operations and avoiding insecure access to network resources. However, at present there is no widely accepted authorization system for SDN applications. One reason for the lack of such a system is the absence of a clear definition of an access control model for SDN applications. We believe the security community is slow in embracing access control in SDN mainly because proper access control solutions and use cases have not yet been sufficiently exposed to it. A deeper understanding of access control in SDN technology will help security researchers produce new, better, and more effective solutions. In this dissertation, we show our steps towards developing effective operational and administrative role-based access control models for SDN. In an attempt to understand and develop effective authorization solutions for SDN, we first formalize an access control system pertaining to an authorization system from the literature called security-enhanced Floodlight.
Second, we propose a role-based access control model for SDN controller apps, which we call SDN-RBAC, compliant with generally accepted academic concepts of RBAC. We implement the SDN-RBAC model with multi-session support in the Floodlight controller and use hooking techniques to enforce the security policy without any change to the code of the controller. The implementation verifies the model's usability and effectiveness against unauthorized access requests by controller applications and shows how the framework can identify application sessions and reject unauthorized operations in real time. Third, to cater for the need for more granular access control and for applying minimum privileges to applications, we propose ParaSDN, an enhanced model that provides fine-grained access control using the concept of parameterized roles and permissions. To demonstrate the applicability and feasibility of our proposed model, we configured proof-of-concept use cases and implemented a prototype in the controller. Finally, we introduce the concept of proxy and custom operations to extend the capabilities of the SDN controller, and provide fine-grained custom permissions specialized for the administration of SDN access control. With these extended features, we present SDN-RBACa, an administrative model to manage access control actions that define network app authorizations. Through proof-of-concept use cases and implementation, we demonstrate the usability of proxy operations and custom permissions and show how they enable and facilitate the administration of access control in SDN.