A Secure and Distributed Control Plane for Software Defined Networks.

Software Defined Networks (SDN) emerged as a new paradigm for network management, defining an architecture the physically decouples the control and data planes. An SDN architecture based on a central controller does not scale and neither is fault-tolerant since it presents a single point of failure. Distributed SDN controllers based on an eventually consistent model for the network state also bring serious drawbacks: a complex programming model for network applications; and it can lead to network anomalies. Consequently, solutions considering a consistent model for the network state are emerging. In these approaches, the distributed controllers use a consistent and fault-tolerant data store that keeps relevant network and applications state. Unfortunately, these approaches do not consider security requirements for the SDN. This work aims to design, implement and evaluate a secure and consistent model for the control plane based on DepSpace, a secure tuple space implementation used to coordinate distributed processes. Experimental results show the practical feasibility of the proposed architecture.