LOFT - Verified Migration of Linux Firewalls to SDN
Authors
Abstract
We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved. Please note that this document is organized in two distinct parts. The first part contains the necessary definitions, helper lemmas and proofs in all their technicality as made in the theory code. The second part reiterates the most important definitions and proofs in a manner that is more suitable for human readers and enriches them with detailed explanations in natural language. Any interested reader should start from there. Many of the considerations that have led to the definitions made here have been explained in [8].
Similar resources
Towards Secured Firewalls for Software Defined Networks
Software-Defined Networking (SDN) offers programmers network-wide visibility and direct control over the underlying switches from a logically-centralized controller. SDN provides a promising way for the future development of Internet. SDN, however, also has some new security challenges. A critical challenge among them is how to build a reliable firewall application for SDN. Due to the stateless...
Wanted: Systems Abstractions for SDN
This paper presents a case for applying the principles of Software-Defined Networking (SDN) to middleboxes and end hosts. The challenges of configuring networking on network hosts resemble those addressed by SDN – numerous multi-vendor components, each with its own syntax and idiosyncratic corner cases, must be orchestrated smoothly. We have developed a prototype called NativeClick, a novel use...
Security of Software Defined Networks: A survey
Software Defined Networking (SDN) has emerged as a new network architecture for dealing with network dynamics through software-enabled control. While SDN is promoting many new network applications, security has become an important concern. This paper provides an extensive survey on SDN security. We discuss the security threats to SDN according to their effects, i.e., Spoofing, Tampering, Repudi...
A Scalable Architecture for Openflow Controllers
The architectural principles of Software-Defined Networking (SDN) and its most prominent supporting protocol OpenFlow keep gaining momentum. SDN relies essentially on the decoupling of the control plane from the data plane, placing the former in a logically centralized component to be executed on commodity hardware the SDN controller. OpenFlow’s reactive programming enables the programming of t...
Mininet as a Container Based Emulator for Software Defined Networks
Mininet is network emulation software that allows launching a virtual network with switches, hosts and an SDN controller all with a single command on a single Linux kernel. It is a great way to start learning about SDN and Open-Flow as well as test SDN controller and SDN applications. Mininet can be used to deploy large networks on a single computer or virtual machine provided with limited reso...
Journal title:
- Archive of Formal Proofs
Volume 2016, Issue
Pages -
Publication date 2016