Firewalls in Software-Defined Networks: State of the Art
Abstract
Software-Defined Networks, or SDNs, represent a new paradigm in which network control is logically centralized. This new paradigm has been transforming the way networks are conceived and managed, including significant changes in traffic engineering and network topology control, for example. Security services, such as firewalls, can also take advantage of the flexibility offered by SDNs, as has in fact occurred. The goal of this work is to present and discuss a review of the state of the art on firewalls in SDNs, seeking to identify patterns that make it possible to classify existing solutions by their architecture and modes of operation, and also to identify research opportunities and challenges.