Reference Guide

Assumptions
Software development practices
It is assumed that secure and high-assurance development practices are used, including:
Good design practice including design reviews and threat analysis
Security awareness through requirements and training
Static code analysis with corrective action taken before product release
Product testing includes “negative” testing, i.e., responses to input errors, network protocol fuzzing, etc. are handled in a secure and robust manner
Physical security (standalone SDN apps running on servers)
This section applies to instantiations of SDN applications running on “independent Hardware” (e.g.,
remote external applications). In these cases, physical security is assumed such that only authorized
personnel have access to the application host machine.
Logical security (external SDN apps)
To allow for multiple deployment scenarios, we need to assume that communication between the
SDN application and the controller is in-band. For external apps, do not assume that an SDN app
is connected to the SDN controller by means of a private VLAN. All facets of providing
confidentiality, integrity (both system and data), and availability by design therefore apply. Given
the nature of an SDN controller interacting with devices, non-repudiation (accountability) is probably
also a concern.
Distributed Coordination and Uptime
Any loss of access to the controller might disrupt or otherwise cause loss of network availability to
the customer’s network. All configuration, upgrade and maintenance operations, including
credentials refresh, must be designed to permit continued controller access during and after these
procedures. A cluster/team shutdown must not be required. Inter-controller communications
must be authenticated and encrypted using user-supplied credentials.
Secure Configuration
Image validation
The following requirements and guidelines are intended to improve assurance of integrity and
interoperability (correct operation):
The user must be provided with an inventory of the AS-TESTED implementation of the
system, including version information for all open source libraries and SHA-1 hashes of all
installed files. This information is to be available separately, even if loaded as part of the
system installation.
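As an added illustration (not part of this guide or any particular SDN controller's tooling), the following Python sketch implements the inventory requirement above: it builds a per-file SHA-1 inventory of an installation tree in the two-space “digest  path” layout that sha1sum -c reads, and later checks an installed tree against that inventory, reporting modified, missing and unexpected files. The file names and contents in demo() are constructed sample data; the algorithm parameter is an assumption added so a deployment can substitute a stronger digest than the SHA-1 the guide names.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path, algorithm: str = "sha1") -> str:
    """Digest a file in 64 KiB chunks so large images need not fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_inventory(root: str, algorithm: str = "sha1") -> dict:
    """Map every regular file under root (relative POSIX path) to its digest.
    Symlinks are skipped so a planted link cannot steer the inventory outside the tree."""
    base = Path(root)
    return {p.relative_to(base).as_posix(): hash_file(p, algorithm)
            for p in sorted(base.rglob("*")) if p.is_file() and not p.is_symlink()}

def to_manifest(inventory: dict) -> str:
    """Serialise as '<digest>  <path>' lines, the layout sha1sum -c accepts."""
    return "".join(f"{d}  {p}\n" for p, d in sorted(inventory.items()))

def from_manifest(text: str) -> dict:
    """Parse the manifest back into {path: digest}; a malformed line raises ValueError."""
    pairs = [line.split("  ", 1) for line in text.splitlines() if line]
    return {path: digest for digest, path in pairs}

def verify_installation(root: str, inventory: dict, algorithm: str = "sha1") -> dict:
    """Report files whose digest changed, that vanished, or that were never listed."""
    actual = build_inventory(root, algorithm)
    return {
        "modified": sorted(p for p in inventory if p in actual and actual[p] != inventory[p]),
        "missing": sorted(p for p in inventory if p not in actual),
        "unexpected": sorted(p for p in actual if p not in inventory),
    }

def demo() -> tuple:
    """Constructed sample: a tiny install tree, its manifest, then three kinds of drift."""
    root = tempfile.mkdtemp()
    (Path(root) / "lib").mkdir()
    (Path(root) / "lib" / "app.jar").write_bytes(b"hello")
    (Path(root) / "conf.xml").write_bytes(b"<config/>")
    inventory = from_manifest(to_manifest(build_inventory(root)))  # round-trip the manifest
    (Path(root) / "lib" / "app.jar").write_bytes(b"hello, patched")  # tampered file
    (Path(root) / "conf.xml").unlink()                               # removed file
    (Path(root) / "extra.so").write_bytes(b"\x7fELF")                # file not in inventory
    return inventory, verify_installation(root, inventory)
```

The manifest must be obtained separately from the installed tree (as the guide requires) and over a trusted channel, otherwise an attacker who can replace files can replace the inventory too.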
It is RECOMMENDED that files are distributed to the user such that installation is
performed entirely from signed files, the expanded contents of which can be checked
against a provided hash. This protects the user from inadvertently installing a version of