Authorizing network control at software defined internet exchange points

Arpit Gupta, Nick Feamster, Laurent Vanbever

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Software Defined Internet Exchange Points (SDXes) increase the flexibility of interdomain traffic delivery on the Internet. Yet, an SDX inherently requires multiple participants to have access to a single, shared physical switch, which creates the need for an authorization mechanism to mediate this access. In this paper, we introduce a logic and mechanism called FLANC (A Formal Logic for Authorizing Network Control), which authorizes each participant to control forwarding actions on a shared switch and also allows participants to delegate forwarding actions to other participants at the switch (e.g., a trusted third party). FLANC extends "says" and "speaks for" logic that have been previously designed for operating system objects to handle expressions involving network traffic flows. We describe FLANC, explain how participants can use it to express authorization policies for realistic interdomain routing settings, and demonstrate that it is efficient enough to operate in operational settings.

Original languageEnglish (US)
Title of host publicationSymposium on Software Defined Networking (SDN) Research, SOSR 2016
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450334518
DOIs
StatePublished - Mar 14 2016
EventSymposium on Software Defined Networking (SDN) Research, SOSR 2016 - Santa Clara, United States
Duration: Mar 14 2016Mar 15 2016

Publication series

NameSymposium on Software Defined Networking (SDN) Research, SOSR 2016

Other

OtherSymposium on Software Defined Networking (SDN) Research, SOSR 2016
Country/TerritoryUnited States
CitySanta Clara
Period3/14/163/15/16

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software

Keywords

  • BGP
  • Internet exchange point (IXP)
  • Software defined networking (SDN)

Fingerprint

Dive into the research topics of 'Authorizing network control at software defined internet exchange points'. Together they form a unique fingerprint.

Cite this