TENNISON

SDN Security and Monitoring Framework

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

TENNISON is a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely-available networking hardware, support for legacy networks, and a modular and extensible distributed design.

For more details of this work, please see our recently published article in the IEEE Journal on Selected Areas in Communications:

Lyndon Fawcett, Sandra Scott-Hayward, Matthew Broadbent, Andrew Wright, and Nicholas Race
"TENNISON: A Distributed SDN Framework for Scalable Network Security."
IEEE Journal on Selected Areas in Communications (2018).

The article is available here: http://eprints.lancs.ac.uk/127188/1/tennison_CA.pdf

TENNISON offers the following:

  • Extensibility
  • Holistic view
  • Rapid reaction
  • Transparency and interoperability
  • Kill chain detection support
  • Legacy network support

TENNISON requires multiple components to function correctly. The figure below shows an overview of the system architecture:

TENNISON Overview

As TENNISON is made of many components and is designed to work at scale, testing it can be challenging. The TENNISON testing harness automates the process of verifying functional and non-functional performance before a change is deployed to production:

TENNISON Experimenter design

To get in contact about the project, please contact Lyndon at: lyndonfawcett@hotmail.com.

License

TENNISON is licensed under the Apache 2 license and is covered by Crown Copyright.

Getting started

Details on getting started with TENNISON are available in docs/developer_guide.pdf

Please note that the document is out of date in places. Please open a GitHub issue if there is anything you need help with.


This repository is laid out as follows:

coordinator/

This is the primary component of TENNISON: it is where the policy engine is located, and it decides what should happen to traffic. For extensibility it has southbound and northbound interfaces. The southbound interfaces are responsible for collecting a range of information from networks and hosts. The northbound interface provides users/developers with the ability to create their own security applications, providing TENNISON with rapid reaction capability.

onos-tennison-apps/

These applications interface with ONOS. They assist in monitoring and remediation, providing the primitives to interface with the network.

pig-relay/

This is a wrapper for Snort that manages it, providing the coordinator with the ability to update rules and a method of alerting the coordinator when an attack is detected.

onos-security-pipeline/

This is the lowest-level component of the system. It sits at ONOS's driver layer and realises the OpenFlow pipeline. It has been created so that security and monitoring rules can be injected before any forwarding is applied. This makes the system transparent at the control plane, meaning that it can work with any routing implementation.

tools/

This directory provides scripts to automate the testing and deployment of TENNISON, reducing the learning curve of working with TENNISON. Most of these are wrapped in the "tennison_experimenter" application.

Screenshots from GUI and Experimenter

TENNISON Experimenter

TENNISON GUI

TENNISON Flows

TENNISON topology

TENNISON Tiered Domain Manager GUI

TENNISON Tiered Domain Manager