Reference Guide
Table Of Contents
- 1 Introduction
- 2 Establishing Your Test and Development Environments
- 3 Developing Applications
- Introduction
- Authentication
- REST API
- Audit Logging
- Alert Logging
- Configuration
- High Availability
- OpenFlow
- Metrics Framework
- GUI
- SKI Framework - Overview
- SKI Framework - Navigation Tree
- SKI Framework - Hash Navigation
- SKI Framework - View Life-Cycle
- SKI Framework - Live Reference Application
- UI Extension
- Introduction
- Controller Teaming
- Distributed Coordination Service
- Persistence
- Backup and Restore
- Device Driver Framework
- 4 Application Security
- 5 Including Debian Packages with Applications
- 6 Sample Application
- Application Description
- Creating Application Development Workspace
- Application Generator (Automatic Workspace Creation)
- Creating Eclipse Projects
- Updating Project Dependencies
- Building the Application
- Installing the Application
- Application Code
- 7 Testing Applications
- 8 Built-In Applications
- Appendix A
- Appendix B
- Bibliography
4 Application Security
Introduction
This chapter provides recommendations and requirements for designing secure applications.
SDN Application Layer
Applications can be implemented in different permutations and combinations of physical and
logical instantiations as listed below:
• SDN application inside OSGI container on same operating environment as SDN
[“internal” application]
• SDN application via REST interface on same physical HW as SDN [“local external”
application]
• SDN application via REST interface on external HW (in single and Distributed
Coordination modes) [“remote external” application]
• SDN application running on external cluster of servers but presented as a single instance
to a SDN controller
The relevant security components and interfaces generally associated with applications include the
following:
• Installation and upgrade authentication (software signatures and validation)
• Application management interface security requirements
• User authentication, including password requirements
• Secure application initialization
• Application to controller mutual authentication
• App Policy enforcement (authorization), including app arbitration, prioritization or
hierarchy
• Application high availability features including secure replication
• Secure backup of application data
• REST interface security requirements (such as TLS configuration)
• Application command traceability (identify source of cmds for debugging and security
logging)
• Syslog (a computer message logging standard), SNMP notifications and traps, time and
clock synchronization
Application Security
Security capabilities are intended to be compatible with NIST SP800-53 Rev 4, typically at the
“Moderate Impact System” level except where customer requirements include High Impact or
Enhanced Assurance controls. Refer to “Control: The information system” items in section F of the
document for the requirements specific to the Moderate Impact classification.
Known requirements for FIPS 140, DoD JITC and Common Criteria should all be applied.
126