Monitoring and security in softwarized networks
As mentioned in the 1st year work, we started several activities regarding monitoring of SDN network and DDoS mitigation. We’ll thus pursue this activity by (1) extending OpenFlow expressivness and (2) refining and evaluating DDoS attack SDN-based mitigation models.
As a continuation of previous work about ICN, we will investigate security issues in ICN in particular Interest Flooding attacks (IFA), which consist in requesting large number of contents and so to overfill Pending Interest Tables (PIT) at each ICN router. There are several approaches to counter-act against these attacks but, thanks to preliminary tests, we observe that they are only effective with very simplistic attacks. More complex attacks are actually feasible and will require advanced counter-measures.
Based on our work on using P4 for ICN, several limitations of P4 (and other equivalent) have been identified. In second year, we plan to extend our study to other use cases by examining what are the required properties. They will be then mapped to features provided by P4 in order to perform a gap analysis. Rather than only being focused on functional objectives, we also want to assess performances.
Blockchain has gained a large interest beyond the area of crypto-currencies. Such a topic also emerges in the networking community where blockchains could be a key enabler for adoption of NFV in multi-tenant environments. In addition, deployment and well-functioning of blockchain-based services supposes performant networking support since they are based on flooding-like, and so network intensive, protocols. SDN and NFV can be leveraged for an optimized use of resource in such cases.