Authorizing Network Control at Software Defined Internet Exchange Points
Title | Authorizing Network Control at Software Defined Internet Exchange Points |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Gupta, Arpit; Feamster, Nick; Vanbever, Laurent |
Conference Name | Proceedings of the Symposium on SDN Research |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4211-7 |
Keywords | BGP, composability, Internet exchange point (IXP), pubcrawl, Resiliency, Scalability, software defined networking (SDN), Trust Routing |
Abstract | Software Defined Internet Exchange Points (SDXes) increase the flexibility of interdomain traffic delivery on the Internet. Yet, an SDX inherently requires multiple participants to have access to a single, shared physical switch, which creates the need for an authorization mechanism to mediate this access. In this paper, we introduce a logic and mechanism called FLANC (A Formal Logic for Authorizing Network Control), which authorizes each participant to control forwarding actions on a shared switch and also allows participants to delegate forwarding actions to other participants at the switch (e.g., a trusted third party). FLANC extends "says" and "speaks for" logic that has been previously designed for operating system objects to handle expressions involving network traffic flows. We describe FLANC, explain how participants can use it to express authorization policies for realistic interdomain routing settings, and demonstrate that it is efficient enough to operate in operational settings. |
URL | http://doi.acm.org/10.1145/2890955.2890956 |
DOI | 10.1145/2890955.2890956 |
Citation Key | gupta_authorizing_2016 |