Detection of incongruent firewall rules and flow rules in SDN

Abstract

The networking is the backbone that supports the vast area of Information Technology. SDN is the new road that takes the conventional networking to greater heights. SDN is going to aid all future innovations and developments in the field of networking. SDN stands for Software Defined Networking, this separates the network into two planes namely data plane and control plane. A data plane is the abstraction of all the hardware side of the network and the control plane is the central unit that acts like a brain controlling the entire network. This dual architecture thus helps to maintain a network that is centralized, highly scalable, flexible etc. The programmability of the network opens the window of scope for greater innovations and developments. SDN can gracefully accommodate technology shifts. At the same time SDN posses certain security issues that need to be addressed. As a widely flourishing and developing networking method, these security issues need to be tackled. In this paper we are trying to address the security issue of rewriting flow entries in switches. We propose an algorithm for the detection of incongruence between firewall rules and flow rules and thus we overcome the threat caused by modification of flow entries. The proposed system is for Open Flow based Firewalls. The system is intended to boost the security capabilities of SDN, thereby minimizing some of the security challenges in SDN.