SDN-RBAC: An Access Control Model for SDN Controller Applications

2019 4th International Conference on Computing, Communications and Security (ICCCS), 2019

Abstract
The architecture of Software-Defined Networks provides flexibility in developing innovative networking applications for managing and analyzing the network from a centralized controller. Since these applications directly and dynamically access critical network resources, any privilege abuse by controller applications could lead to various attacks impacting the entire network domain. As a result, security is ranked as one of the top issues preventing enterprise and data center networks from adopting SDN. Since access control is a natural solution to the over-privilege problem, and to address this critical security issue, we propose and implement a formal role-based access control model (SDN-RBAC) for SDN applications that helps apply the principle of least privilege at the level of applications and their sessions. We also identify different approaches by which the system can handle application sessions in order to reduce exposure of the network attack surface in case an application is compromised, buggy, or malicious. Through a proof-of-concept prototype, we implemented our model with multi-session support in the Floodlight controller and used hooking techniques to enforce the security policy without any change to the code of the Floodlight framework. The implementation verifies the model’s usability and effectiveness against unauthorized access requests by controller applications and shows how the framework can identify application sessions and reject unauthorized operations in real time.
Keywords
Software Defined Networking,Security and privacy,Access control,Formal models,Network security