Show simple item record

dc.contributor.authorDethise, Arnaud
dc.contributor.authorChiesa, Marco
dc.contributor.authorCanini, Marco
dc.date.accessioned2017-11-02T09:09:33Z
dc.date.available2017-11-02T09:09:33Z
dc.date.issued2017-08-24
dc.identifier.citationDethise A, Chiesa M, Canini M (2017) Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps. Proceedings of the SIGCOMM Posters and Demos on - SIGCOMM Posters and Demos ’17. Available: http://dx.doi.org/10.1145/3123878.3131967.
dc.identifier.doi10.1145/3123878.3131967
dc.identifier.urihttp://hdl.handle.net/10754/626101
dc.description.abstractSDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.
dc.description.sponsorshipThis research is (in part) supported by European Union’s Horizon 2020 research and innovation programme under the ENDEAVOUR project (grant agreement 644960).
dc.publisherAssociation for Computing Machinery (ACM)
dc.relation.urlhttps://dl.acm.org/citation.cfm?doid=3123878.3131967
dc.rightsArchived with thanks to Proceedings of the SIGCOMM Posters and Demos on - SIGCOMM Posters and Demos '17
dc.subjectInter-domain routing
dc.subjectNetwork Verification
dc.subjectPrivacy
dc.subjectSMPC
dc.titlePrivacy-Preserving Detection of Inter-Domain SDN Rules Overlaps
dc.typeConference Paper
dc.contributor.departmentComputer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
dc.contributor.departmentComputer Science Program
dc.contributor.departmentKAUST, Université catholique de Louvain
dc.identifier.journalProceedings of the SIGCOMM Posters and Demos on - SIGCOMM Posters and Demos '17
dc.conference.date2017-08-22 to 2017-08-24
dc.conference.nameACM SIGCOMM 2017 Conference
dc.conference.locationLos Angeles, CA, USA
dc.eprint.versionPublisher's Version/PDF
dc.contributor.institutionUniversité catholique de Louvain
dc.contributor.institutionUniversité catholique de Louvain
kaust.personDethise, Arnaud
kaust.personCanini, Marco
refterms.dateFOA2018-06-13T13:16:31Z
dc.date.published-online2017-08-24
dc.date.published-print2017


Files in this item

Thumbnail
Name:
p6-Dethise.pdf
Size:
401.4Kb
Format:
PDF
Description:
Main article

This item appears in the following Collection(s)

Show simple item record