Cross-layer access control in publish/subscribe middleware over software-defined networks
journal contribution
posted on 2019-02-14, 08:48 authored by Y Zhang, H Zhou, J-L Chen

While software-defined network (SDN) technologies offer a chance to improve the quality of service (QoS) of publish/subscribe middleware, they also open new opportunities for adversaries to attack the networks and the middleware. We here propose a cross-layer access control solution to protect publish/subscribe middleware over SDNs. Applications over a publish/subscribe middleware interact through an indirect, anonymous and multicast event communication paradigm, in which we want the applications, the middleware, and the underlying network to collaborate to realize access control on reading/writing events. The key issue is how to use the flow matching capability of SDN switches to efficiently and securely enforce complex authorization policies that contain multiple conjunction and disjunction structures. The solution must resist collusion attacks between SDN controllers and subscribers when the middleware/network is partially delegated to enforce the publishers' authorization policies. In our cross-layer solution, a policy representation method encodes authorization policies into flow entries with high data compression and security, and a two-party computation method carries out secret sharing to defeat malicious SDN controllers and subscribers. Finally, our solution is evaluated to show its effectiveness.
Funding
This work is supported by the National Natural Science Foundation of China (no. 61372115), the National Key Research and Development Program of China (No. 2018YFB1003800), and EU H2020 DOMINOES Project (No. 771066).
History
Citation
Computer Communications, 2019, 134, pp. 1-13
Author affiliation
/Organisation/COLLEGE OF SCIENCE AND ENGINEERING/Department of Informatics
Version
- AM (Accepted Manuscript)