Controller Shield: Boron: Release Plan

Introduction

The Boron release is intended to harden the existing usecplugin and extend it to collect more security-related information. The Beryllium release of usecplugin collects security information related to the OpenFlow plugin. In the Boron release, usecplugin will also collect information about security breach attempts via OpenDaylight's northbound interface (through the AAA service) and east-west interface (through the SDNi App). In addition, usecplugin will check whether a DDoS attack is occurring on any of its plugin ports (e.g. OVSDB port 6640, DLUX port 8181) and collect the relevant data from these ports. The plugin will also expose the database contents via the RESTCONF interface so that any northbound app can add logic for programming flows to protect the controller.

Release Deliverables

  • Information on failed login attempts to the DLUX user interface
  • Information on failed login attempts to the SDNi App interface
  • Hardened and improved code for OpenFlow Plugin related attacks (from the Be release)

Release Milestones

Each milestone is listed with its Offset 2 date, followed by its deliverables (name, status where given, and description).

M1 (Offset 2 Date: 03/24/2016)

  • Intent to participate (Status: Done) - Intent to participate in Boron Simultaneous Release
  • Candidate Release Plan (Status: Done) - Candidate Release Plan

M2 (Offset 2 Date: 05/05/2016)

  • Final Release Plan (Status: Done) - Final Release Plan

M3 (Offset 2 Date: 06/02/2016)

  • Beryllium Code Improvement - Increase test coverage of Beryllium implementation
  • ODL Login Attempt Monitoring - Monitor Login Attempt to ODL and identify successful and failed attempts

M4 (Offset 2 Date: 06/30/2016)

  • ODL Login Attempt APIs - Develop REST and JAVA APIs using RPCs and Notifications
  • Documentation
      • User guide, Developer guide and ASCII Docs
      • Include a word count of each relevant .adoc file with a goal of draft documentation done
  • Integration and System Test
      • Automated system testing with Robot framework.
      • Integration testing on Karaf distribution with the dependent components.

M5 (Offset 2 Date: 04/08/2016)

  • Code Freeze - Finalize the code development used by usecplugin.
  • Documentation - Update wiki documentation to reflect all features.
  • Feature Test - Run system test for all features.

RC0 (Offset 2 Date: N/A)

  • Deliverable Name - Deliverable Description

RC1 (Offset 2 Date: N/A)

  • Deliverable Name - Deliverable Description

RC2 (Offset 2 Date: N/A)

  • Release Review - Release Review Description
  • Deliverable Name - Deliverable Description

RC3

  • Release Review - Release Review Description
  • Deliverable Name - Deliverable Description

Formal Release

  • Deliverable Name - Deliverable Description

Expected Dependencies on Other Projects

  • OpenFlow Plugin
  • AAA Plugin
  • SDNi App

Expected Incompatibilities with Other Projects

None

Compatibility with Previous Releases

List of Externally Consumable APIs

Southbound Attacks at OpenFlow Plugin

RPC APIs

  • Attacks from DPID - Number of OpenFlow Packet_In Attacks from Switch with DeviceID
  • Attacks from Host - Number of OpenFlow Packet_In Attacks from SrcIP Address
  • Attacks to Server - Number of OpenFlow Packet_In Attacks to DstIP Address
  • Attacks at Time of Day - Number of OpenFlow Packet_In Attacks at a Particular Time with a variable Window Time

Notification APIs

  • On Low Water Mark Breached - Notification generated on breaching Low Water Mark

Northbound Attacks at AAA Plugin

RPC APIs

  • Login Attempt from IP - Returns Time and Type of Attempts (Success or Failure)
  • Login Attempt at Time - Returns Attempter IP Address and Type of Attempts (Success or Failure)

Yang Data Store APIs

  • Get Login Attempts - Returns Source IP address of Attempter with Time of Attempts and Type of Attempts (Success or Failure)

Notification APIs

  • On Invalid Login Attempt - Notification generated on Invalid Login Attempt

East-West Attacks at SDNinterface App Plugin

Notification APIs

  • Unknown Peer Controller Connection Request

RPC APIs

  • Number of Connection Requests from IP Address

Yang Data Store APIs

  • Time and IP Address of Connection Requests

Themes and Priorities

Requests from Other Projects

None Listed

Test Tools Requirements

  • Java unit and integration tests

Other

Primary Setup Contact :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Test Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Document Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Committers :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Deepika Gupta (gupta.deepika1@tcs.com)