Modelling security in Software Defined Networks (abstract)

By Vashti Galpin

Software Defined Networks (SDNs) provide a flexible approach to networking. They are characterised by switches with dynamic behaviour which is determined by a single controller or set of controllers. This adaptivity allows for network topologies that can respond to the current circumstances and hence permit a co-ordinated response to attacks on the network such as denial of service (DoS).

CARMA (Collective Adaptive Resource-sharing Markovian Agents) is a process-algebra-style modelling language developed to model collective adaptive systems. It is allows expressive attribute-based communication using unicast and/or broadcast and its semantics are expressed as time-inhomogeneous continuous-time Markov chains, allowing for simulation of models using a kinetic Monte Carlo algorithm. An important aspect of modelling collective adaptive systems is spatial distribution and the language of the CARMA Eclipse-Plugin, CaSL, provides a syntax for describing discrete space as graphs.

Network topologies are also examples of graphs, hence there is a match between the CARMA/CaSL modelling style and SDNs, especially since adaption is important in ensuring robustness for SDNs in the case of attacks. This presentation describes a CARMA model of a small SDN that can respond to a DoS attack, and illustrates how the CaSL space syntax can be used to describe physical network structure as well as supporting varying virtual topology. Ongoing research considers a more parameterised model, where the spatial description of the network is sufficient to generate the remainder of the model, including the initial data for the switches. This modelling exercise demonstrates that CARMA is suitable to model SDNs, and also raises interesting questions about levels of abstraction in network modelling.