Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing

Thuy Vinh Tran; Heejune Ahn

doi:10.1109/ICSN.2016.7501925

Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing

Thuy Vinh Tran, Heejune Ahn

Dept. of Electrical and Information Engineering

Seoul National University of Science and Technology (SNUST)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

The introduction of Software Defined Networking (SDN) enables possibilities for the next generation of network where the network logic operation is separated from the constraints of underlying hardware. However, the new architecture of SDN also exposes many security risks such as controller DoS attack, configuration channel compromise. This paper analyzes the challenges of stateful firewall realization in SDN environment and presents FlowTracker - a novel stateful firewall solution focusing on maintaining the accuracy and agility of stateful firewall with reduced controller processing and communication overhead between control and data plane. The GENI test bed experiments validates FlowTracker its stateful packet tracking and acceptable level of latency increase.

Original language	English
Title of host publication	2016 1st International Conference on Software Networking, ICSN 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509016761
DOIs	https://doi.org/10.1109/ICSN.2016.7501925
State	Published - 29 Jun 2016
Event	1st International Conference on Software Networking, ICSN 2016 - Jeju Island, Korea, Republic of Duration: 23 May 2016 → 26 May 2016

Publication series

Name	2016 1st International Conference on Software Networking, ICSN 2016

Conference

Conference	1st International Conference on Software Networking, ICSN 2016
Country/Territory	Korea, Republic of
City	Jeju Island
Period	23/05/16 → 26/05/16

Keywords

connection tracking
Firewall
GENI testbed
Overflow
POX controller
SDN
Stateful firewall

Access to Document

10.1109/ICSN.2016.7501925

Cite this

Tran, T. V., & Ahn, H. (2016). Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing. In 2016 1st International Conference on Software Networking, ICSN 2016 Article 7501925 (2016 1st International Conference on Software Networking, ICSN 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSN.2016.7501925

@inproceedings{a886c2509ea04499b75c9f5b96c84cc5,

title = "Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing",

abstract = "The introduction of Software Defined Networking (SDN) enables possibilities for the next generation of network where the network logic operation is separated from the constraints of underlying hardware. However, the new architecture of SDN also exposes many security risks such as controller DoS attack, configuration channel compromise. This paper analyzes the challenges of stateful firewall realization in SDN environment and presents FlowTracker - a novel stateful firewall solution focusing on maintaining the accuracy and agility of stateful firewall with reduced controller processing and communication overhead between control and data plane. The GENI test bed experiments validates FlowTracker its stateful packet tracking and acceptable level of latency increase.",

keywords = "connection tracking, Firewall, GENI testbed, Overflow, POX controller, SDN, Stateful firewall",

author = "Tran, {Thuy Vinh} and Heejune Ahn",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 1st International Conference on Software Networking, ICSN 2016 ; Conference date: 23-05-2016 Through 26-05-2016",

year = "2016",

month = jun,

day = "29",

doi = "10.1109/ICSN.2016.7501925",

language = "English",

series = "2016 1st International Conference on Software Networking, ICSN 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2016 1st International Conference on Software Networking, ICSN 2016",

}

Tran, TV & Ahn, H 2016, Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing. in 2016 1st International Conference on Software Networking, ICSN 2016., 7501925, 2016 1st International Conference on Software Networking, ICSN 2016, Institute of Electrical and Electronics Engineers Inc., 1st International Conference on Software Networking, ICSN 2016, Jeju Island, Korea, Republic of, 23/05/16. https://doi.org/10.1109/ICSN.2016.7501925

Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing. / Tran, Thuy Vinh; Ahn, Heejune.
2016 1st International Conference on Software Networking, ICSN 2016. Institute of Electrical and Electronics Engineers Inc., 2016. 7501925 (2016 1st International Conference on Software Networking, ICSN 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Flowtracker

T2 - 1st International Conference on Software Networking, ICSN 2016

AU - Tran, Thuy Vinh

AU - Ahn, Heejune

PY - 2016/6/29

Y1 - 2016/6/29

N2 - The introduction of Software Defined Networking (SDN) enables possibilities for the next generation of network where the network logic operation is separated from the constraints of underlying hardware. However, the new architecture of SDN also exposes many security risks such as controller DoS attack, configuration channel compromise. This paper analyzes the challenges of stateful firewall realization in SDN environment and presents FlowTracker - a novel stateful firewall solution focusing on maintaining the accuracy and agility of stateful firewall with reduced controller processing and communication overhead between control and data plane. The GENI test bed experiments validates FlowTracker its stateful packet tracking and acceptable level of latency increase.

AB - The introduction of Software Defined Networking (SDN) enables possibilities for the next generation of network where the network logic operation is separated from the constraints of underlying hardware. However, the new architecture of SDN also exposes many security risks such as controller DoS attack, configuration channel compromise. This paper analyzes the challenges of stateful firewall realization in SDN environment and presents FlowTracker - a novel stateful firewall solution focusing on maintaining the accuracy and agility of stateful firewall with reduced controller processing and communication overhead between control and data plane. The GENI test bed experiments validates FlowTracker its stateful packet tracking and acceptable level of latency increase.

KW - connection tracking

KW - Firewall

KW - GENI testbed

KW - Overflow

KW - POX controller

KW - SDN

KW - Stateful firewall

UR - http://www.scopus.com/inward/record.url?scp=84979587971&partnerID=8YFLogxK

U2 - 10.1109/ICSN.2016.7501925

DO - 10.1109/ICSN.2016.7501925

M3 - Conference contribution

AN - SCOPUS:84979587971

T3 - 2016 1st International Conference on Software Networking, ICSN 2016

BT - 2016 1st International Conference on Software Networking, ICSN 2016

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 May 2016 through 26 May 2016

ER -

Tran TV, Ahn H. Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing. In 2016 1st International Conference on Software Networking, ICSN 2016. Institute of Electrical and Electronics Engineers Inc. 2016. 7501925. (2016 1st International Conference on Software Networking, ICSN 2016). doi: 10.1109/ICSN.2016.7501925

Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this