Checking Multi-domain Policies in SDN


Abstract

Programmable networks such as SDN allow administrators to program the network infrastructure according to service demand and custom-defined policies. Network policies are interpreted by the centralized controller to define actions and rules to process the network traffic on devices that belong to a single domain. However, actual networks are multi-domain, where several domains are interconnected. Because SDN controllers in a domain can neither define nor monitor policies in other domains, network administrators cannot ensure that their own policies (origin policies) are being enforced by the domains not directly managed by them (i.e., foreign domains). We present AudiT, a multi-domain SDN policy verifier that identifies whether an origin policy is enforced by foreign domains. AudiT comprises (1) a model for network topology, policies, and flows, (2) an Audit protocol to gather information about the actions performed by network devices to carry the flows of interest, (3) a validation engine that takes that information and detects security policy violations, and (4) an extension to the OpenFlow protocol to enable external auditing. This paper presents our approach and illustrates its application using an example considering multiple SDN networks.