Controller Shield: Beryllium: Release Plan

Contents

Introduction

During the Beryllium release we plan to develop the Unified-Security plugin as an OSGi Bundle that collates all security related information for the controller and stores it in a database. Also, the plugin will expose the database contents via Restconf interface for any North Bound App to add logic for programming flows to protect the controller.The logic to protect the controller from packet-in attack will be part of the Beryllium release.

Release Deliverables

NameDescription
USecPlugin
* Creating the USecPlugin
* Exposing Restconf interface for NB Application from USecPlugin (for accessing USecPlugin data)
* Adding logic in USecPlugin to detect Packet-In attack
* Creation of persistent datastore with security related information.

Release Milestones

MilestoneOffset 2 DateDeliverables
M18/6/2015
NameStatusDescription
Intent to participateDoneIntent to participate in Beryllium Simultaneous Release
Candidate Release PlanDoneCandidate Release Plan
M29/3/2015
NameStatusDescription
Release PlanDoneFinal Release Plan
U-Sec Plugin SkeletonDoneDesign a basic U-Sec Plugin Skeleton for developing an OSGi plugin that registers with the MD-SAL for Packet-In message notification.
M310/15/2015
NameStatusDescription
API FreezeDoneFinalize RestAPI and JAVA API signatures to be exposed by Security Plugin.
Data Store CreationDoneYang Model Creation and subsequent Java implementation to write Packet-In message content to the Data-Store.
FeatureDoneLogic and code development for calculation of pps in real time
FeatureDoneLogic and code development for choosing the upper and lower water marks that will raise alarms and subsequent packet_in header information retention.
M412/3/2015
NameStatusDescription
Notification designDoneYang Model Expansion with Notification details for upper and lower water marks breach and subsequent Java Implementation
RPC DesignDoneYang Model Expansion with RPC details and subsequent Java Implementation.
Persistent DataStoreDoneCreation of a persistent datastore to keep security related information generated by the plugin.
M51/14/2016
NameStatusDescription
DocumentationDoneUpdate wiki documentation to reflect new feature(s).
Feature TestDoneRun system test for a feature.
RC0N/A
NameStatusDescription
Deliverable Name
Deliverable Description
RC1N/A
NameStatusDescription
Deliverable Name
Deliverable Description
RC2N/A
NameStatusDescription
Release Review
Release Review Description
Deliverable Name
Deliverable Description
RC301/28/2016
NameStatusDescription
Release Review
Release Review Description
Deliverable Name
Deliverable Description
Formal Release02/04/2016
NameStatusDescription
Deliverable Name
Deliverable Description

Expected Dependencies on Other Projects

None Listed

Expected Incompatibilities with Other Projects

None

Compatibility with Previous Releases

List of Externally Consumable APIs


  • RPC - Number of OpenFlow Packet_In Attacks from Switch with DeviceID
  • RPC - Number of OpenFlow Packet_In Attacks from SrcIP Address
  • RPC - Number of OpenFlow Packet_In Attacks to DstIP Address
  • RPC - Number of OpenFlow Packet_In Attacks at a Particular Time with a variable Window Time
  • Notification - Low Water Mark Breached


Themes and Priorities

Requests from Other Projects

None Listed

Test Tools Requirements

  • Java unit and integration tests

Other

Primary Setup Contact :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Test Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Document Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Committers :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Deepika Gupta (gupta.deepika1@tcs.com)