SDN-Based Trusted Path in a Multi-domain Network

摘要

The flexibility and dynamicty of the Cloud and SDN-based network infrastructures raise strong issues for sensitive data which can easily be transferred between different locations and then violate some constraints such as country-based regulations. This paper tackles the critical issue related to the path followed by sensitive data transferred in such virtualized environments and which have specific security & regulatory constraints (e.g., avoid some given untrusted domains). We are therefore proposing a new approach aiming to automatically configure in a multi-domain SDN network such a trusted path satisfying the required constraints. This approach relies on a Multi-Domain Trusted Path Application (MD-TPA) based on OpenFlow and deployed upon the SDN controller of each domain. This approach has been implemented within SDN controllers and experimented on a testbed composed of physical OpenFlow switches. It is then shown how such an end-to-end trusted path, compliant with the constraints, can be enforced in a multi-domain SDN network.