Control-plane isolation and recovery for a secure SDN architecture

Software Defined Networking (SDN) allows scalable and flexible network management without requiring costly hardware changes. However, this technology is relatively new, and creates new security risks. More specifically, in current SDN designs (1) a compromised component can affect the whole SDN network due to its centralized architecture, and (2) existing designs do not allow recovery of compromised components. To solve these problems, we propose a secure SDN architecture which (1) limits damage due to a compromised controller and switch processes by using strong software isolation mechanisms, and (2) allows recovery of compromised controller and switch processes by regularly and automatically rolling them back to a pristine state. We show detailed designs of these mechanisms. We discuss the main aspects of our system's design and show preliminary evaluation results of a prototype implementation.