Security-Mode ONOS

ONOS provides “useful Northbound abstractions and APIs to enable easier application development”. These abstractions and APIs are not only easy to use but also powerful: they essentially allow ONOS applications to do anything they wish, and granting applications this much authority is indeed necessary to offer as much network programmability as possible. The same capabilities, however, open the door to misuse or software failures that eventually affect the behavior of the managed network. For networks with certain requirements (e.g., mission-critical networks), network operators may want to configure the controller environment to be a bit more conservative by restricting the capabilities of applications. For those who wish to configure ONOS to behave in a conservative manner, we propose two features that could be applied to ONOS.

Delta

In this project, we focus on the vulnerabilities of SDN network environments and aim to systematize or characterize existing vulnerabilities, motivated by the above questions. Besides the existing vulnerabilities, we are also trying to find new vulnerabilities that have not been reported yet. Through this effort, we could disclose some new vulnerabilities, which means that we seriously need to scrutinize the security problems of ongoing SDN techniques. These vulnerabilities explicitly call for the development of secure SDN environments.

ROSEMARY

In this project, we focus on the question of control layer resilience when rapidly developed prototype network applications go awry, or when third-party network applications incorporate unexpected vulnerabilities, fatal instabilities, or even malicious logic. To address these concerns, we present the ROSEMARY controller, which implements a network application containment and resilience strategy based around the notion of spawning applications independently within a micro-NOS. ROSEMARY distinguishes itself by its blend of process containment, resource utilization monitoring, and an application permission structure, all designed to prevent common failures of network applications from halting operation of the SDN stack. ROSEMARY offers a competitive performance advantage over the majority of other controllers.