Article
Peer-Review Record

A Quantification Method for the Heterogeneity of Mimic Control Plane in SDN

Electronics 2022, 11(23), 3864; https://doi.org/10.3390/electronics11233864
by Wenjian Zhang *, Zhengbin Zhu, Ke Song and Shuai Wei
Reviewer 1: Anonymous
Reviewer 2:
Submission received: 20 October 2022 / Revised: 17 November 2022 / Accepted: 22 November 2022 / Published: 23 November 2022

Round 1

Reviewer 1 Report

The authors proposed two methods for quantifying the heterogeneity of mimic SDN control plane for improved security.

The paper is well-written, and I have the following questions.

 

 

1. Similar to the mimic control plane, SDN control plane can increase its heterogeneity using virtualization. For example, CoVisor introduced SDN control planes managing a single physical network. I wonder whether this method is available in the following virtualization studies, which could further improve the reachability of this study.

 

- X Jin, et al. "CoVisor: A Compositional Hypervisor for Software-Defined Networks." 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15). 2015

- G Yang, et al. "A Case for SDN-based Network Virtualization." 2021 29th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS). IEEE, 2021

- L Liao, et al. "Distributed and Efficient Network Hypervisor for SDN Virtualization." Journal of Internet Technology 22.3 (2021): 625-636.

 

2. One of the shortcomings of previous studies is the lack of consideration for code reuse. However, how frequently does the code reuse happen in the mimic control plane? The authors mentioned the paper [32], but it seems that the paper [32] does not deal with code reuse of the SDN control plane.

 

3. The proposed methods are evaluated under simulation. Does this simulation reflect the actual SDN system characteristics? For example, the executor number and type are set under 10. Does this reflect the characteristics of a real SDN system? For example, executors might be able to perform similar types of network controls. The possible network controls on SDN controllers do, however, vary greatly. Also, each SDN controller instance has different message types (protocols) that it can process.

Author Response

Dear editor and reviewer,

Thank you very much for your comments and suggestions.

Those comments are all valuable and very helpful for revising and improving our paper, as well as having important guiding significance for our research. We have studied the comments carefully and have made corrections which we hope meet with approval. Revised portions are marked in track change mode in the paper. The main corrections in the paper and the responses to the reviewer are as follows:

Comment 1#:

Similar to the mimic control plane, SDN control plane can increase its heterogeneity using virtualization. For example, CoVisor introduced SDN control planes managing a single physical network. I wonder whether this method is available in the following virtualization studies, which could further improve the reachability of this study.

- X Jin, et al. "CoVisor: A Compositional Hypervisor for Software-Defined Networks." 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15). 2015

- G Yang, et al. "A Case for SDN-based Network Virtualization." 2021 29th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS). IEEE, 2021

- L Liao, et al. "Distributed and Efficient Network Hypervisor for SDN Virtualization." Journal of Internet Technology 22.3 (2021): 625-636

Response:

Thank you for the research you offered on the virtualization direction, which can really increase heterogeneity. This paper mainly proposes a quantitative method for heterogeneity. Based on Shannon entropy and quadratic entropy, which are used to measure biodiversity and diversity, this paper proposes two methods for measuring executor heterogeneity. Both methods start from the whole control plane of SDN, including the controller, the operating system on which the controller depends, etc. Controller virtualization is an important component that constitutes heterogeneity. Therefore, the reference to virtualization is missing in this paper, and this modification is supplemented in line 89.

Comment 2#:

One of the shortcomings of previous studies is the lack of consideration for code reuse. However, how frequently does the code reuse happen in the mimic control plane? The authors mentioned the paper [32], but it seems that the paper [32] does not deal with code reuse of the SDN control plane.

Response:

Literature [32] discussed the symbiotic vulnerabilities and did not mention code reuse. Code reuse is rarely mentioned in previous studies, because code reuse is related to the design of a control plane. Code reuse statistics can only be carried out in the case of open source, so few studies pay attention to code reuse. The code reuse rate proposed in this paper can perform code reuse statistics on the operating system and controller used in the construction of the mimic SDN control plane, which is at the implementation level. For a single component, the programmer will leave a vulnerability on an average of 1,000 to 1,500 lines of code [36]. Hence code reuse is a factor causing symbiotic vulnerabilities. The main purpose of this paper is to provide methods for heterogeneity, and further work at the implementation level is needed. So we add a related statement and reference in line 423.

 

Comment 3#:

The proposed methods are evaluated under simulation. Does this simulation reflect the actual SDN system characteristics? For example, the executor number and type are set under 10. Does this reflect the characteristics of a real SDN system? For example, executors might be able to perform similar types of network controls. The possible network controls on SDN controllers do, however, vary greatly. Also, each SDN controller instance has different message types (protocols) that it can process.

Response:

This paper proposes two quantification methods, which aim to guide the design of the mimic SDN control plane. In “4. simulation and experimental evaluation analysis”, the number of executors is less than 10, which is not selected absolutely but considering the cost of resources and performance. Because the focus of this paper is to evaluate its security, a commonly used SDN system structure is selected for evaluation.

The network control of different SDN controllers may be different. Therefore, when constructing the mimic control plane, it is necessary to consider the realizability and normalize different message types. This is a future work. The narrative of this part is complemented in the conclusion.

 

In addition, all co-authors read through the full paper and comprehensively corrected the relevant grammar and clerical errors.

 

Thanks again for the relevant comments of the review experts, which make this paper more rigorous.

 

Author Response File: Author Response.pdf

Reviewer 2 Report

Authors have reported the work titled “A Quantification Method for the Heterogeneity of MIMIC Control Plane in SDN”. However, the following queries need to be answered by the authors. These are the suggestions/modifications that need to be incorporated in the manuscript, and hence major revision is suggested.

Q1. Feature Matrix of executors is not clear. Give more details.

Q2. How have you identified Vulnerability and No Vulnerability from Figure 5? Give more information.

Q3. The graphs shown in Figure 6 & Figure 7 are difficult to read. Provide new quality graphs.

Q4. Give more detail on Shannon entropy and quadratic entropy.

Q5. The reference section needs to be re-visited as references are limited to the year 2020. What about the related work done in 2021 & 2022? The motivation behind the work is also not clear.

Author Response

Dear editor and reviewer,

Thank you very much for your comments and suggestions.

Those comments are all valuable and very helpful for revising and improving our paper, as well as having important guiding significance for our research. We have studied the comments carefully and have made corrections which we hope meet with approval. Revised portions are marked in track change mode in the paper. The main corrections in the paper and the responses to the reviewer are as follows:

 

Q1. Feature Matrix of executors is not clear. Give more details.

Response:

In 3.2. Formal description of executor, we change Definition 7, Feature Matrix of executors, in order to make Definition 7 more understandable (“Feature matrix of executors is a matrix form that describes the mimic SDN control plane by the types and numbers of executors and components”). And in the next paragraph after Definition 6 we add more details about components and executors in the mimic SDN controller (“Components of a single executor may include an operating system, a controller. It is also possible to further subdivide components into subfunctions of operating systems and controllers.”). We take the matrix in line 363 as an example to explain the feature matrix of executors:

C11=1 => OpenDaylight

C12=2 => Ryu

C13=3 => Floodlight

C21=1 => ubuntu 12

C22=2 => Redhat 7

C23=1 => ubuntu 12

The eigenvalues of the feature matrix C of the mimic control plane executor set are only for characterization. So arithmetic operations or matrix operations cannot be performed. The feature matrix of the mimic control plane can be interchanged in any column, but row interchange is not allowed.

 

Q2. How have you identified Vulnerability and No Vulnerability from Figure 5? Give more information.

Response:

Thanks to the Reviewer for finding the problem in Figure 5. That's not an appropriate description for Vulnerability and No Vulnerability from Figure 5. On the one hand, in line 494, we explain P1, P2 and P3 in Figure 5 in more detail (“Each executor contains several functions, and each function may or may not have vulnerabilities, represented by shaded rectangle and pure rectangle respectively. The functions with vulnerabilities are different for each executor.”). On the other hand, we revised Figure 5 (from “vulnerability and no vulnerability” to “Function with vulnerability and Function without vulnerability”, adding HOS vulnerability). The main purpose of Figure 5 is to explain that Scenario 1 and Scenario 2 have the same metric value in heterogeneity 1, but the existence of high-order vulnerabilities leads to the security of the two scenarios not being the same, so the quantification of heterogeneity 2 is introduced.

 

Q3. The graphs shown in Figure 6 & Figure 7 are difficult to read. Provide new quality graphs.

Response:

New quality graphs in Figure 6 & Figure 7 have been replaced into the manuscript.

Figure 6 shows the effects of several factors on HET1, including the type and number of executor components, symbiotic vulnerability ratio, code reuse rate, and vulnerability discovery coefficient.

Figure 7 shows impacts on HOS and HET2 including symbiotic vulnerability ratio and high-order.

 

Q4. Give more detail on Shannon entropy and quadratic entropy.

Response:

In literature [30], Shannon entropy is a biological measure to evaluate species diversity. Shannon entropy can be used to evaluate the stability of biological populations. In this paper, we quantify the complexity of the executor set in the same way that biodiversity can be quantified—Shannon entropy, and formula 1 is cited from literature [30]. The content is added in the first paragraph of “3.3. Complexity description”.

Rao [31] proposed a method of fusing the difference quadratic entropy between species to measure biodiversity, and we used the method of quadratic entropy to evaluate the difference quantification of the executor set. The content is mentioned in “3.4. Difference description”.

 

Q5. The reference section needs to be re-visited as references are limited to the year 2020. What about the related work done in 2021 & 2022? The motivation behind the work is also not clear.

Response:

 

The introduction of reference research on heterogeneity is added in line 89, and some references on SDN related technologies are updated in part “Reference

 

In addition, all co-authors read through the full paper and comprehensively corrected the relevant grammar and clerical errors.

 

Thanks again for the relevant comments of the review experts, which make this paper more rigorous.

Author Response File: Author Response.pdf
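
Added example, not part of the review record or the paper's own code: the general Shannon entropy and Rao quadratic entropy that the responses to Q1 and Q4 refer to, computed over the feature matrix quoted in the response to Q1. The mismatch-fraction dissimilarity and the equal weighting of executors are assumptions; the paper's HET1/HET2 formulas are not on this page and are not reproduced here.

```python
import math
from collections import Counter

# Feature matrix from the response to Q1: one column per executor, one row
# per component. Entries are labels only, so they are never added or multiplied.
COMPONENTS = ["controller", "os"]
C = [
    [1, 2, 3],  # 1 = OpenDaylight, 2 = Ryu, 3 = Floodlight
    [1, 2, 1],  # 1 = ubuntu 12, 2 = Redhat 7
]

def shannon_entropy(labels):
    """H = -sum(p_i * ln p_i) over the label frequencies of one component row."""
    n = len(labels)
    return -sum((k / n) * math.log(k / n) for k in Counter(labels).values())

def executors(matrix):
    """Columns of the feature matrix: one tuple of labels per executor."""
    return list(zip(*matrix))

def mismatch(a, b):
    """Assumed dissimilarity: fraction of components on which a and b differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def rao_quadratic_entropy(matrix, dissimilarity=mismatch):
    """Q = sum_i sum_j d_ij * p_i * p_j over distinct executor configurations."""
    cols = executors(matrix)
    n = len(cols)
    freq = Counter(cols)
    return sum(dissimilarity(a, b) * (ka / n) * (kb / n)
               for a, ka in freq.items() for b, kb in freq.items())

def report(matrix):
    """Per-component Shannon entropy plus Rao's Q for the whole executor set."""
    rows = {name: shannon_entropy(row) for name, row in zip(COMPONENTS, matrix)}
    return rows, rao_quadratic_entropy(matrix)

if __name__ == "__main__":
    print("page matrix     :", report(C))
    # Column interchange (allowed per the response) must not change the result.
    print("columns swapped :", report([[3, 1, 2], [1, 1, 2]]))
    # Constructed contrast: three identical executors share every weakness.
    print("homogeneous     :", report([[1, 1, 1], [1, 1, 1]]))
```

The operating-system row scores lower than the controller row because two of the three executors share ubuntu 12, which is the kind of common component a symbiotic vulnerability would hit.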

Round 2

Reviewer 2 Report

Authors have addressed all the comments/suggestions raised by the reviewer hence I give my recommendation as accept.
