Multi-Layer Access Control for SDN-based Telco Clouds

Bernd Jäger, Christian Röpke, Iris Adam, Thorsten Holz

Nordic Conference on Secure IT System (NordSec), Stockholm, Sweden, October 2015


The telecom industry has recently started to adapt the emerging paradigm of Software-Defined Networking (SDN) in combination with cloud computing to the telecommunication world. In particular, both technologies enable a high degree of automation and flexibility for existing and novel networks. As this combination can significantly reduce costs and potentially enables the development of new business opportunities, telecom providers build so-called telco clouds leveraging SDN for operating the underlying network infrastructure. In this context, a major concern is to maintain security once network functions and SDN controllers run virtualized inside the telco clouds. In particular, manipulated or compromised cloud applications may disturb correct functioning such that costs increase, security deteriorates or reputation degrades. Therefore, we propose a multi-layer access control system to mitigate such adverse consequences and, thereby, focus on securing both the SDN control layer and the SDN application layer.


Tags: (SDN), networking, security, Software-Defined