Enforcing Multilevel Security Policies in Database-Defined Networks

Ali Al-Haj and Benjamin Aziz
School of Computing, University of Portsmouth
Portsmouth PO1 3HE, United Kingdom
{ali.alhaj, benjamin.aziz}@port.ac.uk

Abstract—Despite the wide range of research and technologies that deal with the problem of routing in computer networks, there remains a gap between the level of network hardware administration and the level of business requirements and constraints. Not much has been accomplished in the literature towards a direct enforcement of such requirements on the network. This paper presents a new solution for specifying and directly enforcing security policies that control the routing configuration in a software-defined network, using row-level security checks. We show, as a first step, how a specific class of such policies, namely multilevel security policies, can be enforced on a database-defined network, which presents an abstraction of a network's configuration as a set of database tables. We show that such policies can be used to control the flow of data in the network in either an upward or a downward manner.

Index Terms—Software-Defined Networking, Database-Defined Networking, Information Flow Control, Row-Level Security, Security Policies, Multilevel Security

I. INTRODUCTION

Complexity and robustness remain among the main challenges that dominate the networking world [20]. They are still frequently researched and thought over at the low level of the network hardware, with little provision for establishing a direct relationship with business and application requirements and constraints. Moreover, nowadays the majority of the available solutions are tightly restricted to vendor-specific hardware; hence, network administrators require extensive knowledge of the network technologies in order to enforce specific administration rules.
By contrast, Software-Defined Networks (SDNs) [22] have emerged as a new paradigm based on the separation of the network control plane from the data plane, and therefore facilitate high-level management of the network in a direct manner. The control plane, being a logically centralized controller or a set of cooperating SDN controllers, is often implemented using standards such as the OpenFlow protocol [28], which collects information from the data plane and offers a global view to the network operators. Moreover, all the management tasks are implemented as applications working on top of the controller.

More recently, a new approach to the implementation of SDNs has emerged, aimed at simplifying the task of network administration through the introduction of further data-based abstractions of the control and data planes. This approach is called Database-Defined Networking (DDN) [33], which represents the entire network through standard relational databases. DDNs simplify network management since the interface to the network's current state becomes purely database defined. Hence, the network can be queried and its configuration updated using standard data languages, such as Standard Query Language (SQL). Interestingly, it becomes straightforward to divide the network into multiple zones and enforce access rules on those zones using access control lists [18].

In this short paper, we demonstrate that recent security mechanisms in databases, particularly row-level security, can be used to enforce more complex security policies, such as those using multilevel security [5], [6], [13] to control the flow of data. Row-level security has recently emerged as a feature in database management systems, allowing administrators to introduce security policy checks at the level of a row in a table. We demonstrate that changes in the network topology can be policy-controlled through the enforcement of policies on table rows, such that only "good" topologies are deployed.
The rest of the paper is structured as follows: in Section II, we give an overview of the background relevant to the work of this paper, discussing both database-defined networking and row-level security. In Section III, we discuss some related works in the current literature. In Section IV, we give an overview of our proposed approach to tackling the problem of policy enforcement in database-defined networking. In Section V, we define a method for enforcing multilevel security policies in the routing of packets within a database-defined network, using the row-level security feature of modern database systems. Finally, in Section VI, we conclude the paper and suggest some directions for future research.

II. BACKGROUND

We give here a summary background on two of the relevant concepts that drive the work presented in this paper, namely database-defined networking and row-level security.

A. Database-Defined Networking

Database-Defined Networking (DDN) is the concept of using relational databases as an abstraction for managing an SDN; DDN is similar to Declarative Networking [25] but applied in the context of SDN. The concept of DDN was recently introduced in RAVEL [33], which is a database-defined controller that represents the network using a standard relational database, e.g. PostgreSQL [19]. The architecture of RAVEL is shown in Figure 1.
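To illustrate the two ideas introduced above, namely row-level security checks on table rows and the DDN view of a topology as PostgreSQL tables, the following script is an added example written for this page; it is neither RAVEL's schema nor the method of Section V. The nodes/links layout, the integer level encoding and the ddn_controller role are assumptions; the policy admits a link only when data along it flows upward in security level.

```sql
-- Added example (not RAVEL's schema): a DDN topology table protected by a
-- PostgreSQL row-level security policy that only admits links along which
-- data flows "upward" in security level (src level <= dst level).

CREATE TABLE nodes (
    nid    INTEGER PRIMARY KEY,
    level  INTEGER NOT NULL        -- assumed encoding: 0 = lowest ... 3 = highest
);

CREATE TABLE links (
    src    INTEGER NOT NULL REFERENCES nodes(nid),
    dst    INTEGER NOT NULL REFERENCES nodes(nid),
    PRIMARY KEY (src, dst)
);

-- Apply the policies to every row, including writes by the table owner
-- (FORCE), so no topology change can bypass the check.
ALTER TABLE links ENABLE ROW LEVEL SECURITY;
ALTER TABLE links FORCE ROW LEVEL SECURITY;

-- Hypothetical role under which the controller writes topology changes.
-- Roles with SUPERUSER or BYPASSRLS are exempt from RLS, so the controller
-- must run under an ordinary role such as this one.
CREATE ROLE ddn_controller NOLOGIN;
GRANT SELECT ON nodes TO ddn_controller;
GRANT SELECT, INSERT, UPDATE, DELETE ON links TO ddn_controller;

-- Upward-flow policy: a link row may only be inserted or updated when the
-- destination's level dominates the source's level. USING (true) keeps
-- existing rows readable and deletable.
CREATE POLICY upward_flow_only ON links
    AS PERMISSIVE
    FOR ALL
    TO ddn_controller
    USING (true)
    WITH CHECK (
        (SELECT s.level FROM nodes s WHERE s.nid = src)
        <=
        (SELECT d.level FROM nodes d WHERE d.nid = dst)
    );

-- Constructed sample topology: three nodes at levels 0, 2 and 3.
INSERT INTO nodes VALUES (1, 0), (2, 2), (3, 3);

SET ROLE ddn_controller;
INSERT INTO links VALUES (1, 2);   -- level 0 -> 2: accepted
INSERT INTO links VALUES (3, 1);   -- level 3 -> 0: rejected, "new row violates row-level security policy"
RESET ROLE;
```

The second INSERT fails inside the database itself, so a downward link never reaches the deployed topology regardless of which controller application issued it.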