PERM-GUARD: Authenticating the Validity of Flow Rules in
Software Defined Networking
Mengmeng Wang, Jianwei Liu, Jie Chen, Xiao Liu, Jian Mao
School of Electronic and Information Engineering, Beihang University, Beijing, China
Email: jane10603@126.com; liujianwei@buaa.edu.cn; chenjiey@foxmail.com; liuxiaobh@gmail.com; maojian@buaa.edu.cn
Abstract—Software Defined Networking (SDN) is a typical flow-rule-driven network. In SDN, a centralized controller dictates the network behavior and configures network devices with many flow rules, so the validity and consistency of those flow rules are what guarantee normal operation of the network. SDN therefore requires a secure and efficient mechanism to manage and authenticate flow rules between the application layer and the control layer. In this paper, our target problem is to authenticate the validity of flow rules in SDN. We analyze the mechanisms by which flow rules are generated and inserted in SDN, and present PERM-GUARD, a fine-grained flow rule production-permission authentication scheme. PERM-GUARD employs a new permission authentication model and introduces an identity-based signature scheme to ensure that the controller can verify the validity of flow rules. We conduct theoretical analysis and evaluate our approach by simulation. The results demonstrate that PERM-GUARD can efficiently identify and reject fake flow rules generated by unregistered applications. Meanwhile, our approach can also effectively filter out unauthorized flow rules created by valid applications.
Keywords-Software Defined Networking, Flow-Rule-Validity Authentication, Identity-Based Signature, Flow Rule Production-Permissions Management
I. INTRODUCTION
Software Defined Networking (SDN) is a typical centralized network architecture for managing and operating computer networks. It brings high programmability and dynamic orchestration to many enterprise networks by centralizing the network control logic and separating it from the underlying routers and switches [1–4]. In SDN, the controller dictates the network behavior and configures the network devices through simple APIs in the form of flow rules. It is therefore the flow rules that determine when, or whether, network traffic passes through a network device.
SDN promises to facilitate network management and ease the burden of solving networking problems by means of the logically centralized control offered by a controller. To date there are many kinds of controllers, e.g., NOX, POX, Floodlight, and OpenDaylight. However, when these controllers were first designed, the main concerns of their developers were control of network resources, routing, and scheduling. One design principle that was not among those main concerns is the security of flow rules.
Flow rules in SDN are dynamically generated by a variety of applications (e.g., OpenFlow applications, security applications) and by the network administrator, and are then sent by the controller to the network devices in the infrastructure layer, in response to specific perceived threats. Network devices in the infrastructure layer place absolute trust in the flow rules sent by the controller and take them as authoritative instructions for their operation. However, the current SDN community lacks a secure and efficient flow rule authorization mechanism to manage and authenticate flow rules between the application layer and the control layer. A flow rule may be tampered with or forged while it is being generated, sent, or executed.
In SDN, adversaries can attack flow rules simply by writing remote or local programs, rather than by buying a lot of expensive network equipment. If an attacker could generate malicious flow rules by masquerading as a valid application, or tamper with the valid flow rules generated by a valid application, the normal flow rule production mechanism in SDN would be compromised. Illegal data packets could then bypass the many security devices (e.g., firewalls, intrusion detection systems) deployed in the SDN. In the worst case, an adversary could tamper with a set of flow rules, or generate fake flow rules, to control the state of every switch in an SDN network. Ensuring the legality and correctness of flow rules in SDN, and preventing the proliferation of malicious flow rules, is therefore both error-prone and challenging.
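As an added illustration (not code from the paper), the following Python sketches the controller-side check that the abstract describes: a rule from an unregistered application is rejected, a tampered rule fails origin verification, and a rule from a registered application is filtered against its granted production permissions. The identity-based signature is replaced here by HMAC-SHA256 under per-application keys, and the registry contents, permission fields and rule format are assumptions.

```python
import hashlib
import hmac
import json

# Constructed registry (assumption): application identity -> verification key and granted
# permissions. Keys are sample values; HMAC-SHA256 stands in for the paper's identity-based signature.
REGISTRY = {
    "firewall-app": {
        "key": b"sample-key-firewall",
        "perms": {"actions": {"drop"}, "switches": {"s1", "s2"}, "max_priority": 200},
    },
    "lb-app": {
        "key": b"sample-key-lb",
        "perms": {"actions": {"output"}, "switches": {"s3"}, "max_priority": 100},
    },
}

def canonical(rule):
    """Canonical encoding so the signer and the controller hash exactly the same bytes."""
    return json.dumps(rule, sort_keys=True, separators=(",", ":")).encode()

def sign_rule(app_id, key, rule):
    """Application side: attach the application's identity and a tag over the rule."""
    tag = hmac.new(key, canonical(rule), hashlib.sha256).hexdigest()
    return {"app_id": app_id, "rule": rule, "tag": tag}

def verify_rule(msg):
    """Controller side. Stage 1: is the rule really from a registered application?
    Stage 2: is the rule within that application's granted production permissions?
    Returns (accepted, reason)."""
    entry = REGISTRY.get(msg["app_id"])
    if entry is None:
        return False, "unregistered application"
    expected = hmac.new(entry["key"], canonical(msg["rule"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False, "invalid tag: forged or tampered rule"
    rule, perms = msg["rule"], entry["perms"]
    if rule["switch"] not in perms["switches"]:
        return False, "target switch outside granted scope"
    if not set(rule["actions"]) <= perms["actions"]:
        return False, "action outside granted permissions"
    if rule["priority"] > perms["max_priority"]:
        return False, "priority exceeds granted maximum"
    return True, "accepted"
```

Both checks are needed: the tag alone cannot catch an over-privileged rule from a genuine application, and the permission check alone cannot catch a forged identity.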
Contributions: In this paper, we focus on the question of how to authenticate the validity of flow rules in SDN. By analyzing two key issues, (i) the flow-rule-production-permission mechanism, and (ii) how flow rules generated by a variety of applications can be authenticated by the controller, we propose PERM-GUARD, a new model to verify and authenticate the validity of flow rules in SDN. To summarize, this paper's contributions include the following:
(1) We present PERM-GUARD, a fine-grained flow rule production-permissions management model, which can prevent fake flow rules produced by unregistered applications and filter out flow rules that exceed the granted permissions of registered applications.
(2) An identity-based signature scheme is introduced into
2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing
978-1-4673-9300-3/15 $31.00 © 2015 IEEE
DOI 10.1109/CSCloud.2015.89