SarDiNe

Network Security in Enterprises and Public Authorities Based on Software Defined Networking

Project Home: sardine-project.org
Funding Agency: BMBF
Duration: 3 years, 01.03.2015-30.06.2018
Partners: Universität Würzburg, Genua GmbH, Infosim GmbH
Contact: Raphael Durner (r.durner@tum.de)

Scope of Project

Virtualized systems are increasingly adopted in campus networks as well. They promise significant increases in the efficiency of the entire IT. On the other hand, the conversion from physical to virtual systems is also a challenge for IT security: for example, without clear network edges, the separation of access rights and data becomes increasingly difficult. In the SarDiNe project, new security solutions that address these challenges are developed and evaluated. The project is funded by the German Federal Ministry of Education and Research.

Contributions

  1. One main result of the project is a novel SDN/NFV security architecture that was presented in the IEEE Magazine. Current network security concepts mostly rely on Perimeter Gateway Firewalls (PGFs). With this approach, an attacker who has breached the boundaries of the network can spread within it easily. The use of SDN is proposed to provide fine-grained filtering inside the network.
  2. Enterprise networks consist of a large number of network nodes, i.e. routers and switches. If a network operator decides to deploy SDN in the network, replacing all devices in one step is quite costly. Thus the migration from legacy to SDN networks requires partially deployed networks. A work presented at IFIP Networking analyzes performance impacts in this field. One main result is that even a few deployed nodes can provide high reconfiguration performance.
  3. Furthermore, several works analyzing control plane security in SDN were performed in the project. The overhead of encrypting the SDN control connection was presented at the CoNEXT Student Workshop 2015. In addition, an approach for detection and mitigation of Denial of Service attacks in SDN was presented at IEEE NetSoft.
  4. The performance of security VNFs was studied. Considerations regarding the placement of VNFs in NUMA nodes and a metric that quantifies the efficiency of a running VNF were introduced at the CAN Workshop.
  5. Many contributions of the project were combined in a demonstrator that was presented at SIGCOMM 2017.