Contents
Introduction
Boron Release is intended to harden the existing usecplugin and extend it to collect more security related information. Usecplugin Beryllium release collects security information related to OpenFlow plugin. In the current Boron release, usecplugin will collect information about security breach attempts via OpenDaylight's north bound interface (through AAA service) and east-west interface (through SDNi App). Moreover, Usecplugin will also check whether DDoS attack is occuring on any of its plugin ports (eg. OVSDB 6640 port, DLUX 8181 port etc.) and collect the relevant data from these ports. Also, the plugin will expose the database contents via Restconf interface for any North Bound App to add logic for programming flows to protect the controller.
Release Deliverables
- Information on Failed login attempts to DLUX user interface
- Information on Failed login attempt to SDNi App interface
- Hardened and Improved Code for OpenFlow Plugin related attack (from Be release)
Release Milestones
| Milestone | Offset 2 Date | Deliverables |
|---|
| M1 | 03/24/2016 | | Name | Status | Description |
|---|
| Intent to participate | Done | Intent to participate in Boron Simultaneous Release | | Candidate Release Plan | Done | Candidate Release Plan |
|
| M2 | 05/05/2016 | | Name | Status | Description |
|---|
| Final Release Plan | Done | Final Release Plan |
|
| M3 | 06/02/2016 | | Name | Status | Description |
|---|
| Beryllium Code Improvement |
| Increase test coverage of Beryllium implementation |
| | ODL Login Attempt Monitoring |
| Monitor Login Attempt to ODL and identify successful and failed attempts |
|
| M4 | 06/30/2016 | | Name | Status | Description |
|---|
| ODL Login Attempt APIs |
| Develop REST and JAVA APIs using RPCs and Notifications |
| | Documentation |
| - User guide, Developer guide and ASCII Docs
- Include a word count of each relevant .adoc file with a goal of draft documentation done
|
| | Integration and System Test |
| - Automated system testing with Robot framework.
- Integration testing on Karaf distribution with the dependent components.
|
|
| M5 | 04/08/2016 | | Name | Status | Description |
|---|
| Code Freeze |
| Finalize the code development used by usecplugin. | | Documentation |
| Update wiki documentation to reflect all features. |
| | Feature Test |
| Run system test for all features. |
|
| RC0 | N/A | | Name | Status | Description |
|---|
| Deliverable Name |
| Deliverable Description |
|
| RC1 | N/A | | Name | Status | Description |
|---|
| Deliverable Name |
| Deliverable Description |
|
| RC2 | N/A | | Name | Status | Description |
|---|
| Release Review |
| Release Review Description | | Deliverable Name |
| Deliverable Description |
|
| RC3 |
| | Name | Status | Description |
|---|
| Release Review |
| Release Review Description | | Deliverable Name |
| Deliverable Description |
|
| Formal Release |
| | Name | Status | Description |
|---|
| Deliverable Name |
| Deliverable Description |
|
Expected Dependencies on Other Projects
- OpenFlow Plugin
- AAA Plugin
- SDNi App
Expected Incompatibilities with Other Projects
None
Compatibility with Previous Releases
List of Externally Consumable APIs
Southbound Attacks at OpenFlow Plugin
RPC APIs
- Attacks from DPID - Number of OpenFlow Packet_In Attacks from Switch with DeviceID
- Attacks from Host - Number of OpenFlow Packet_In Attacks from SrcIP Address
- Attacks to Server - Number of OpenFlow Packet_In Attacks to DstIP Address
- Attacks at Time of Day - Number of OpenFlow Packet_In Attacks at a Particular Time with a variable Window Time
Notification APIs
- On Low Water Mark Breached - Notification generated on breaching Low Water Mark
Northbound Attacks at AAA Plugin
RPC APIs
- Login Attempt from IP - Returns Time and Type of Attempts (Success or Failure)
- Login Attempt at Time - Returns Attempter IP Address and Type of Attempts (Success or Failure)
Yang Data Store APIs
- Get Login Attempts - Returns Source IP address of Attempter with Time of Attempts and Type of Attempts (Success or Failure)
Notification APIs
- On Invalid Login Attempt - Notification generated on Invalid Login Attempt
East-West Attacks at SDNinterface App Plugin
Notification APIs
- Unknown Peer Controller Connection Request
RPC APIs
- No of Connection Requests from IP Address
Yang Data Store APIs
- Time and IP Address of Connection Requests
Themes and Priorities
Requests from Other Projects
None Listed
- Java unit and integration tests
Other
Primary Setup Contact :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Test Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Document Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Committers :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Deepika Gupta (gupta.deepika1@tcs.com)