During the Beryllium release we plan to develop the Unified-Security plugin as an OSGi Bundle that collates all security related information for the controller and stores it in a database. Also, the plugin will expose the database contents via Restconf interface for any North Bound App to add logic for programming flows to protect the controller.The logic to protect the controller from packet-in attack will be part of the Beryllium release.

Release Deliverables

Name

Description

USecPlugin

* Creating the USecPlugin
* Exposing Restconf interface for NB Application from USecPlugin (for accessing USecPlugin data)
* Adding logic in USecPlugin to detect Packet-In attack
* Creation of persistent datastore with security related information.

Release Milestones

Milestone

Offset 2 Date

Deliverables

M1

8/6/2015

Name	Status	Description
Intent to participate	Done	Intent to participate in Beryllium Simultaneous Release
Candidate Release Plan	Done	Candidate Release Plan

M2

9/3/2015

Name	Status	Description
Release Plan	Done	Final Release Plan
U-Sec Plugin Skeleton	Done	Design a basic U-Sec Plugin Skeleton for developing an OSGi plugin that registers with the MD-SAL for Packet-In message notification.

M3

10/15/2015

Name	Status	Description
API Freeze	Done	Finalize RestAPI and JAVA API signatures to be exposed by Security Plugin.
Data Store Creation	Done	Yang Model Creation and subsequent Java implementation to write Packet-In message content to the Data-Store.
Feature	Done	Logic and code development for calculation of pps in real time
Feature	Done	Logic and code development for choosing the upper and lower water marks that will raise alarms and subsequent packet_in header information retention.

M4

12/3/2015

Name	Status	Description
Notification design	Done	Yang Model Expansion with Notification details for upper and lower water marks breach and subsequent Java Implementation
RPC Design	Done	Yang Model Expansion with RPC details and subsequent Java Implementation.
Persistent DataStore	Done	Creation of a persistent datastore to keep security related information generated by the plugin.

M5

1/14/2016

Name	Status	Description
Documentation	Done	Update wiki documentation to reflect new feature(s).
Feature Test	Done	Run system test for a feature.

RC0

N/A

Name	Status	Description
Deliverable Name		Deliverable Description

RC1

N/A

Name	Status	Description
Deliverable Name		Deliverable Description

RC2

N/A

Name	Status	Description
Release Review		Release Review Description
Deliverable Name		Deliverable Description

RC3

01/28/2016

Name	Status	Description
Release Review		Release Review Description
Deliverable Name		Deliverable Description

Formal Release

02/04/2016

Name	Status	Description
Deliverable Name		Deliverable Description

Expected Dependencies on Other Projects

None Listed

Expected Incompatibilities with Other Projects

None

Compatibility with Previous Releases

List of Externally Consumable APIs

RPC - Number of OpenFlow Packet_In Attacks from Switch with DeviceID
RPC - Number of OpenFlow Packet_In Attacks from SrcIP Address
RPC - Number of OpenFlow Packet_In Attacks to DstIP Address
RPC - Number of OpenFlow Packet_In Attacks at a Particular Time with a variable Window Time
Notification - Low Water Mark Breached

Themes and Priorities

Requests from Other Projects

None Listed

Test Tools Requirements

Java unit and integration tests

Other

Primary Setup Contact :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Test Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Document Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Committers :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Deepika Gupta (gupta.deepika1@tcs.com)

Contents

Introduction