TY - GEN
T1 - Authorizing network control at software defined internet exchange points
AU - Gupta, Arpit
AU - Feamster, Nick
AU - Vanbever, Laurent
N1 - Publisher Copyright: © 2016 ACM.
PY - 2016/3/14
Y1 - 2016/3/14
AB - Software Defined Internet Exchange Points (SDXes) increase the flexibility of interdomain traffic delivery on the Internet. Yet, an SDX inherently requires multiple participants to have access to a single, shared physical switch, which creates the need for an authorization mechanism to mediate this access. In this paper, we introduce a logic and mechanism called FLANC (A Formal Logic for Authorizing Network Control), which authorizes each participant to control forwarding actions on a shared switch and also allows participants to delegate forwarding actions to other participants at the switch (e.g., a trusted third party). FLANC extends "says" and "speaks for" logic that have been previously designed for operating system objects to handle expressions involving network traffic flows. We describe FLANC, explain how participants can use it to express authorization policies for realistic interdomain routing settings, and demonstrate that it is efficient enough to operate in operational settings.
KW - BGP
KW - Internet exchange point (IXP)
KW - Software defined networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=84982797813&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84982797813&partnerID=8YFLogxK
U2 - 10.1145/2890955.2890956
DO - 10.1145/2890955.2890956
M3 - Conference contribution
AN - SCOPUS:84982797813
T3 - Symposium on Software Defined Networking (SDN) Research, SOSR 2016
BT - Symposium on Software Defined Networking (SDN) Research, SOSR 2016
PB - Association for Computing Machinery, Inc
T2 - Symposium on Software Defined Networking (SDN) Research, SOSR 2016
Y2 - 14 March 2016 through 15 March 2016
ER -