Secure and Reliable Network Updates
Additional information
Authors
Lembke J.,
Ravi S.,
Roman P. L.,
Eugster P. T.
Type
Article published in a scientific journal
Year
2023
Language
English
Abstract
Software-defined wide area networking (SD-WAN) enables dynamic network policy control over a large distributed network via network updates. To be practical, network updates must be consistent (i.e., free of transient errors caused by updates to multiple switches), secure (i.e., only be executed when sent from valid controllers), and reliable (i.e., function despite the presence of faulty or malicious members in the control plane), while imposing only minimal overhead on controllers and switches.
We present SERENE: a protocol for secure and reliable network updates for SD-WAN environments. In short: Consistency is provided through the combination of an update scheduler and a distributed transactional protocol. Security is preserved by authenticating network events and updates, the latter with an adaptive threshold cryptographic scheme. Reliability is provided by replicating the control plane and making it resilient to a dynamic adversary by using a distributed ledger as a controller failure detector. We ensure practicality by providing a mechanism for scalability through the definition of independent network domains and exploiting the parallelism of network updates both within and across domains. We formally define SERENE’s protocol and prove its safety with regards to event-linearizability. Extensive experiments show that SERENE imposes minimal switch burden and scales to large networks running multiple network applications all requiring concurrent network updates, imposing at worst a 16% overhead on short-lived flow completion and negligible overhead on anticipated normal workloads.
Journal
ACM Transactions on Privacy and Security
Volume
26
Issue (Month)
1
Pages (or article number)
1-41
ISSN
2471-2566, 2471-2574
DOI
Distribution
License
License not defined
Visibility
Private