In recent years, computer networks and telecommunications in general have been shifting toward software-centric approaches. Software Defined Networking (SDN) is one such paradigm: it centralizes control and allows intelligent applications to be defined on top of this architecture, so that network behavior is specified in software. In this work, we propose an approach for Flow Admission and Routing under Minimal Security Constraints (FARSec) in Software Defined Networks, where network flows must use links which are at least as secure as their required security level. We prove that FARSec can find feasible paths that respect the minimum level of security for each flow. If no such path exists, FARSec rejects the flow in order not to compromise its security. We show that the computational complexity of the proposed approach is polynomial. Experimental results with semi-randomly generated graphs confirm the efficiency and correctness of the proposed approach. Finally, we implement the proposed solution using OpenFlow and ONOS, an open-source SDN controller. We validate its functionality using an emulated network with various security levels.
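The admission rule described above can be sketched as a shortest-path search that skips every link below the flow's required security level and rejects the flow when no path remains. This is an added illustration, not the paper's algorithm or its ONOS implementation. It assumes integer security levels where a higher number means more secure, and the topology, costs and function names are constructed for the example.

```python
import heapq

# Constructed sample topology: (node_a, node_b, cost, security_level).
# Node names, costs and levels are illustrative assumptions.
LINKS = [
    ("s1", "s2", 1, 1),
    ("s2", "s4", 1, 1),
    ("s1", "s3", 2, 3),
    ("s3", "s4", 2, 3),
    ("s4", "s5", 1, 2),
]

def build_graph(links):
    """Undirected adjacency map: node -> list of (neighbor, cost, level)."""
    graph = {}
    for a, b, cost, level in links:
        graph.setdefault(a, []).append((b, cost, level))
        graph.setdefault(b, []).append((a, cost, level))
    return graph

def admit_flow(graph, src, dst, required_level):
    """Return the cheapest path using only links with level >= required_level,
    or None (flow rejected) when no such path exists."""
    if src not in graph or dst not in graph:
        return None
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            # Walk predecessors back to the source to rebuild the path.
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return path[::-1]
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, cost, level in graph[node]:
            if level < required_level:
                continue  # link is less secure than the flow requires
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    return None  # no compliant path: reject rather than downgrade
```

A flow with a low requirement takes the cheapest route, while a flow with a higher requirement is steered onto the more secure links or rejected outright.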