Software-defined networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties such as security or dependability. Though addressing the latter in an ad-hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the reiteration of the successful formula behind SDN: ‘logical centralization’. As a general concept, we propose anchor , a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on security in this article: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the article that centralizing such mechanisms is key for their effectiveness by allowing us to define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the T amarin prover.

中文翻译：

---

锚

软件定义网络 (SDN) 将传统网络的控制平面和数据平面解耦，将网络的功能属性逻辑集中在 SDN 控制器中。虽然这种集中化带来了更快的创新速度等优势，但它也破坏了传统架构对不同威胁的一些自然防御。SDN 的文献主要关注功能方面，尽管一些具体的工作涉及非功能属性，例如安全性或可靠性。尽管以临时、零碎的方式解决后者可能会奏效，但它很可能会导致效率和有效性问题。我们声称，作为 SDN 稳健性支柱的非功能属性的实施需要一种系统方法。我们进一步主张，为了它的具体化，重申SDN背后的成功公式：“逻辑集中化”。作为一般概念，我们建议锚，一种子系统架构，可促进非功能属性的逻辑集中化。为了展示该概念的有效性，我们在本文中关注安全性：我们确定了 SDN 中当前的安全漏洞，并以全局和一致的方式使用适当的安全机制填充架构中间件。提供的基本安全机制锚包括可靠的熵和弹性伪随机生成器，以及用于安全注册和关联 SDN 设备的协议。我们在文章中声称并证明，通过允许我们为这些属性定义和执行全局策略，集中这些机制是其有效性的关键；降低控制器和转发设备的复杂性；确保关键服务具有更高水平的稳健性；促进非功能性财产执行机制的互操作性；并促进架构本身的安全性和弹性。我们讨论设计和实现方面，我们证明和评估我们的算法和机制，包括主要协议的形式化和使用 T 验证它们的核心安全属性阿玛琳证明者。