Cross-layer access control in publish/subscribe middleware over software-defined networks

Yang Zhang*, Huiyu Zhou, Jun liang Chen

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)


When technologies of software-defined networks (SDNs) provide a chance to improve the quality of service (QoS) of publish/subscribe middlewares, new chances are also arising for adversaries to attack the networks and the middlewares. We here propose a cross-layer access control solution to protect the publish/subscribe middleware over SDNs. Applications over a publish/subscribe middleware interact by an indirect, anonymous and multicast event communication paradigm, where we hope that the applications, the middleware, and the underlying network collaborate to realize the access control of reading/writing events. The key issue is how to use the flow matching capability of SDN switches to efficiently and securely enforce complex authorization policies that include multiple conjunction and disjunction structures. It is required to resist against the collusion attacks of SDN controllers and subscribers when the middleware/network is partially delegated to enforce the authorization policies of publishers. In our cross-layer solution, a policy representation method is presented to encode authorization policies into flow entries with high data compression and security, and a two-party computation method is presented to carry out secret sharing for defeating malicious SDN controllers and subscribers. Finally, our solution is evaluated to show its effectiveness.

Original languageEnglish
Pages (from-to)1-13
Number of pages13
JournalComputer Communications
Early online date19 Nov 2018
Publication statusPublished - 15 Jan 2019
Externally publishedYes

Bibliographical note

Funding Information:
This work is supported by the National Natural Science Foundation of China (no. 61372115 ), the National Key Research and Development Program of China (No. 2018YFB1003800 ), and EU H2020 DOMINOES Project (No. 771066 ).

Publisher Copyright:
© 2018 Elsevier B.V.

Copyright 2019 Elsevier B.V., All rights reserved.


  • Access control
  • Publish/subscribe
  • SDN
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Cross-layer access control in publish/subscribe middleware over software-defined networks'. Together they form a unique fingerprint.

Cite this