Byzantine-Resilient Secure Software-Defined Networks with Multiple Controllers in Cloud

Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for the network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers, not just a single as in a traditional manner, with the dynamic and isolated instance provided by the cloud. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we study a controller minimization problem with security requirement and propose a cost-efficient controller assignment algorithm with a constant approximation ratio. From the experiment result, the secure SDN structure has little impact on the network latency, provide better security than general distributed controller, and the proposed algorithm performs higher efficiency than random assignment.