On network operating system security

2016 
The emerging concept of software-defined networking (SDN) enables new opportunities for building future networks. In such setups, a so-called network operating system (NOS), which is also known as SDN controller, provides services to manage the underlying and programmable network infrastructure. On top, the so-called SDN applications leverage NOS services and implement business needs in order to orchestrate the network as required. Thereby, such applications have access to all kinds of operations including critical ones to use valuable NOS and SDN resources. In case of faulty and malicious SDN applications, we demonstrate that today's NOSs can be significantly harmed, for example, by fatal errors and the adverse use of critical operations. To tackle this problem, we propose a sandbox system, which allows us to restrict not only SDN applications but also internal NOS components to access only a configurable set of critical operations. This enables operators to prevent the entire NOS from crashing in case a single SDN application or NOS component runs into a fatal error. Furthermore, operators can deny access to unwanted critical operations in order to prevent the potential misuse of such operations. For our proposal, we provide two proof-of-concept implementations: one for the industry's leading open-source NOS called OpenDaylight and another one for the HP controller, which serves as foundation for the world's first SDN App Store. As a result of our work, we harden a mandatory SDN component, that is, the NOS, and achieve robustness as well as pro-active security against faulty and malicious SDN software. Copyright © 2015 John Wiley & Sons, Ltd.