Fahad Nife | Al-Muthanna University (Iraq) (original) (raw)

Books by Fahad Nife

In: Gaj P., Sawicki M., Suchacka G., Kwiecień A. (eds) Computer Networks. CN 2018. Communications in Computer and Information Science, vol 860. Springer, Cham., 2018

Software-Defined Network (SDN) is recognized as one of the most important future networking area.... more Software-Defined Network (SDN) is recognized as one of the most important future networking area. SDN architecture is a revolutionary new idea that, moving the traditional network to be software-based, provides more flexibility, high degree of automation and shorter provision time. SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides centralized view of the entire network and makes it easier for managing and for monitoring the network's resources. However, the initial design of the SDN, with its centralized point of control, does not consider sufficiently the security requirements, which makes the security issues additional challenges. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies the access attempts from unauthorized hosts and defines different levels of privileges for each host, according to its authentication credentials, is implemented using a POX controller. Our approach neither needs a support of new protocols, nor requires additional configuration of hosts or routers.

In: Gaj P., Kwiecień A., Sawicki M. (eds) Computer Networks. CN 2017. Communications in Computer and Information Science, vol 718. Springer, Cham., 2017

Traditional networks are often quite static, slow to modify, dedicated for a single service and v... more Traditional networks are often quite static, slow to modify, dedicated for a single service and very difficult to scale, what is typical for a large number of different network devices (such as switches, routers, firewalls, and so on), with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in communication industry that promises to provide new approach attempting to overcome this weakness of the current network paradigm. The SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives more flexible, programmable and innovative network architecture. However, centralization of the control plane and ability of programming the network are very critical and challenging tasks causing security problems. In this paper we propose a framework for securing the SDN by introducing an application as an extension to the controller to make it able to check every specific flow in the network and to push the security instructions in real-time down to the network. We also compare our proposal with other existing SDN-based security solutions.

Papers by Fahad Nife

Traditional networks are often quite static, slow to modify, dedicated for a single service and v... more Traditional networks are often quite static, slow to modify, dedicated for a single service and very difficult to scale, what is typical for a large number of different network devices (such as switches, routers, firewalls, and so on), with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in communication industry that promises to provide new approach attempting to overcome this weakness of the current network paradigm. The SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives more flexible, programmable and innovative network architecture. However, centralization of the control plane and ability of programming the network are very critical and challenging tasks causing security problems. In this paper we propose a framework for securing the SDN by introducing an application as an extension to the controller to make it able to ch...

Computer Networks, 2018

Software-Defined Network (SDN) is recognized as one of the most important future networking area.... more Software-Defined Network (SDN) is recognized as one of the most important future networking area. SDN architecture is a revolutionary new idea that, moving the traditional network to be software-based, provides more flexibility, high degree of automation and shorter provision time. SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides centralized view of the entire network and makes it easier for managing and for monitoring the network’s resources. However, the initial design of the SDN, with its centralized point of control, does not consider sufficiently the security requirements, which makes the security issues additional challenges. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies the access attempts from unauthorized hosts and defines different levels of privileges for each host, according to its authentication credentials, is implemented using a POX controller. Our approach neither needs a support of new protocols, nor requires additional configuration of hosts or routers.

Journal of Network and Systems Management, 2020

Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industr... more Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network’s intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network’s architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network’s controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications tha...

Applied Mathematics & Information Sciences, 2018

Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network... more Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

Journal of Network and Systems Management, 2020

Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industr... more Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network's intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network's architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network's controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications that may at some point affect network's performance, and it is capable to dynamically enforce constraint rules on applications. The firewall architecture is designed as four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module, and the Security-Enforcement Module. The proposed mechanism checks the network traffic at the network, transport, and application levels, and installs appropriate security instructions down into the network. The proposed solution features were implemented and tested using a Python-based POX controller, and the network topology was built using Mininet emulation tool.

Applied Mathematics & Information Sciences: Vol. 12 : Iss. 4, 2018

Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network... more Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

In: Gaj P., Sawicki M., Suchacka G., Kwiecień A. (eds) Computer Networks. CN 2018. Communications in Computer and Information Science, vol 860. Springer, Cham., 2018

Software-Defined Network (SDN) is recognized as one of the most important future networking area.... more Software-Defined Network (SDN) is recognized as one of the most important future networking area. SDN architecture is a revolutionary new idea that, moving the traditional network to be software-based, provides more flexibility, high degree of automation and shorter provision time. SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides centralized view of the entire network and makes it easier for managing and for monitoring the network's resources. However, the initial design of the SDN, with its centralized point of control, does not consider sufficiently the security requirements, which makes the security issues additional challenges. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies the access attempts from unauthorized hosts and defines different levels of privileges for each host, according to its authentication credentials, is implemented using a POX controller. Our approach neither needs a support of new protocols, nor requires additional configuration of hosts or routers.

In: Gaj P., Kwiecień A., Sawicki M. (eds) Computer Networks. CN 2017. Communications in Computer and Information Science, vol 718. Springer, Cham., 2017

Traditional networks are often quite static, slow to modify, dedicated for a single service and v... more Traditional networks are often quite static, slow to modify, dedicated for a single service and very difficult to scale, what is typical for a large number of different network devices (such as switches, routers, firewalls, and so on), with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in communication industry that promises to provide new approach attempting to overcome this weakness of the current network paradigm. The SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives more flexible, programmable and innovative network architecture. However, centralization of the control plane and ability of programming the network are very critical and challenging tasks causing security problems. In this paper we propose a framework for securing the SDN by introducing an application as an extension to the controller to make it able to check every specific flow in the network and to push the security instructions in real-time down to the network. We also compare our proposal with other existing SDN-based security solutions.

Traditional networks are often quite static, slow to modify, dedicated for a single service and v... more Traditional networks are often quite static, slow to modify, dedicated for a single service and very difficult to scale, what is typical for a large number of different network devices (such as switches, routers, firewalls, and so on), with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in communication industry that promises to provide new approach attempting to overcome this weakness of the current network paradigm. The SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives more flexible, programmable and innovative network architecture. However, centralization of the control plane and ability of programming the network are very critical and challenging tasks causing security problems. In this paper we propose a framework for securing the SDN by introducing an application as an extension to the controller to make it able to ch...

Computer Networks, 2018

Software-Defined Network (SDN) is recognized as one of the most important future networking area.... more Software-Defined Network (SDN) is recognized as one of the most important future networking area. SDN architecture is a revolutionary new idea that, moving the traditional network to be software-based, provides more flexibility, high degree of automation and shorter provision time. SDN architecture dynamically separates the control plane from the data (forwarding) plane of the network, which provides centralized view of the entire network and makes it easier for managing and for monitoring the network’s resources. However, the initial design of the SDN, with its centralized point of control, does not consider sufficiently the security requirements, which makes the security issues additional challenges. In this paper we propose a new access control system for the SDN architecture, working as a controller application used to verify the identity of a host upon connection to the network. The proposed mechanism, which denies the access attempts from unauthorized hosts and defines different levels of privileges for each host, according to its authentication credentials, is implemented using a POX controller. Our approach neither needs a support of new protocols, nor requires additional configuration of hosts or routers.

Journal of Network and Systems Management, 2020

Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industr... more Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network’s intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network’s architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network’s controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications tha...

Applied Mathematics & Information Sciences, 2018

Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network... more Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

Journal of Network and Systems Management, 2020

Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industr... more Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network's intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network's architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network's controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications that may at some point affect network's performance, and it is capable to dynamically enforce constraint rules on applications. The firewall architecture is designed as four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module, and the Security-Enforcement Module. The proposed mechanism checks the network traffic at the network, transport, and application levels, and installs appropriate security instructions down into the network. The proposed solution features were implemented and tested using a Python-based POX controller, and the network topology was built using Mininet emulation tool.

Applied Mathematics & Information Sciences: Vol. 12 : Iss. 4, 2018

Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network... more Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.