License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.CP.2022.17
URN: urn:nbn:de:0030-drops-166468
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2022/16646/
Go to the corresponding LIPIcs Volume Portal

Curry, Timothy ; De Pace, Gabriel ; Fuller, Benjamin ; Michel, Laurent ; Sun, Yan (Lindsay)

DUELMIPs: Optimizing SDN Functionality and Security

pdf-format:
LIPIcs-CP-2022-17.pdf (0.9 MB)

Abstract

Software defined networks (SDNs) define a programmable network fabric that can be reconfigured to respect global networks properties. Securing against adversaries who try to exploit the network is an objective that conflicts with providing functionality. This paper proposes a two-stage mixed-integer programming framework. The first stage automates routing decisions for the flows to be carried by the network while maximizing readability and ease of use for network engineers. The second stage is meant to quickly respond to security breaches to automatically decide on network counter-measures to block the detected adversary. Both stages are computationally challenging and the security stage leverages large neighborhood search to quickly deliver effective response strategies. The approach is evaluated on synthetic networks of various sizes and shown to be effective for both its functional and security objectives.

BibTeX - Entry

@InProceedings{curry_et_al:LIPIcs.CP.2022.17,
  author =	{Curry, Timothy and De Pace, Gabriel and Fuller, Benjamin and Michel, Laurent and Sun, Yan (Lindsay)},
  title =	{{DUELMIPs: Optimizing SDN Functionality and Security}},
  booktitle =	{28th International Conference on Principles and Practice of Constraint Programming (CP 2022)},
  pages =	{17:1--17:18},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-240-2},
  ISSN =	{1868-8969},
  year =	{2022},
  volume =	{235},
  editor =	{Solnon, Christine},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2022/16646},
  URN =		{urn:nbn:de:0030-drops-166468},
  doi =		{10.4230/LIPIcs.CP.2022.17},
  annote =	{Keywords: Network security, mixed integer programming, large neighborhood search}
}

Keywords: Network security, mixed integer programming, large neighborhood search
Collection: 28th International Conference on Principles and Practice of Constraint Programming (CP 2022)
Issue Date: 2022
Date of publication: 23.07.2022

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI