{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T21:43:23Z","timestamp":1774129403556,"version":"3.50.1"},"reference-count":97,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T00:00:00Z","timestamp":1667952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"DARPA","doi-asserted-by":"crossref","award":["W911NF19C0058"],"award-info":[{"award-number":["W911NF19C0058"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"name":"ERC Consolidator","award":["617805"],"award-info":[{"award-number":["617805"]}]},{"name":"DFG","award":["1053"],"award-info":[{"award-number":["1053"]}]},{"DOI":"10.13039\/501100001711","name":"SNSF","doi-asserted-by":"crossref","award":["200021_192121, 200021_197353"],"award-info":[{"award-number":["200021_192121, 200021_197353"]}],"id":[{"id":"10.13039\/501100001711","id-type":"DOI","asserted-by":"crossref"}]},{"name":"NSF","award":["1618923"],"award-info":[{"award-number":["1618923"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2023,2,28]]},"abstract":"<jats:p>\n            Software-defined wide area networking (SD-WAN) enables dynamic network policy control over a large distributed network via\n            <jats:italic>network updates<\/jats:italic>\n            . 
To be practical, network updates must be consistent (i.e., free of transient errors caused by updates to multiple switches), secure (i.e., only be executed when sent from valid controllers), and reliable (i.e., function despite the presence of faulty or malicious members in the control plane), while imposing only minimal overhead on controllers and switches.\n          <\/jats:p>\n          <jats:p>\n            We present SERENE: a protocol for\n            <jats:underline>se<\/jats:underline>\n            cure and\n            <jats:underline>re<\/jats:underline>\n            liable\n            <jats:underline>ne<\/jats:underline>\n            twork updates for SD-WAN environments. In short: Consistency is provided through the combination of an update scheduler and a distributed transactional protocol. Security is preserved by authenticating network events and updates, the latter with an adaptive threshold cryptographic scheme. Reliability is provided by replicating the control plane and making it resilient to a dynamic adversary by using a distributed ledger as a controller failure detector. We ensure practicality by providing a mechanism for scalability through the definition of independent network domains and exploiting the parallelism of network updates both within and across domains. We formally define SERENE\u2019s protocol and prove its safety with regard to event-linearizability. 
Extensive experiments show that SERENE imposes minimal switch burden and scales to large networks running multiple network applications all requiring concurrent network updates, imposing at worst a 16% overhead on short-lived flow completion and negligible overhead on anticipated normal workloads.\n          <\/jats:p>","DOI":"10.1145\/3556542","type":"journal-article","created":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T11:33:48Z","timestamp":1660304028000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Secure and Reliable Network Updates"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1503-7215","authenticated-orcid":false,"given":"James","family":"Lembke","sequence":"first","affiliation":[{"name":"Purdue University, Milwaukee School of Engineering, Milwaukee, WI"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2965-3940","authenticated-orcid":false,"given":"Srivatsan","family":"Ravi","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5741-1490","authenticated-orcid":false,"given":"Pierre-Louis","family":"Roman","sequence":"additional","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana, Lugano, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3864-9078","authenticated-orcid":false,"given":"Patrick","family":"Eugster","sequence":"additional","affiliation":[{"name":"Universit\u00e0 della Svizzera italiana, TU Darmstadt, Purdue University, West Lafayette, 
IN"}]}],"member":"320","published-online":{"date-parts":[[2022,11,9]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2535771.2535791"},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2486001.2486012"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/2342356.2342427"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2016.09.012"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2015.7249247"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2016.7568583"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620744"},{"key":"e_1_3_1_9_2","first-page":"351","volume-title":"Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation","author":"Koponen Teemu","year":"2010","unstructured":"Teemu Koponen, Martin Casado, Natasha Gude, Jeremy Stribling, Leon Poutievski, Min Zhu, Rajiv Ramanathan, Yuichiro Iwata, Hiroaki Inoue, Takayuki Hama, and Scott Shenker. 2010. Onix: A distributed control platform for large-scale production networks. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. 
351\u2013364."},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2774993.2774996"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2014.2355227"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2018.2869938"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/357172.357176"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.5555\/296806.296824"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.43"},{"key":"e_1_3_1_16_2","first-page":"701","volume-title":"Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation","author":"Hsu Kuo-Feng","year":"2020","unstructured":"Kuo-Feng Hsu, Ryan Beckett, Ang Chen, Jennifer Rexford, and David Walker. 2020. Contra: A programmable system for performance-aware routing. In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation. 701\u2013721."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619239.2626307"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/2774993.2774999"},{"key":"e_1_3_1_19_2","unstructured":"Aniket Kate. ([n. d.]). Distributed Key Generator. Retrieved 7 Dec. 2020 from https:\/\/crysp.uwaterloo.ca\/software\/DKG\/."},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48254-7_7"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043584"},{"key":"e_1_3_1_22_2","unstructured":"([n. d.]). Ryu SDN Framework. Retrieved 7 Dec. 2020 from http:\/\/osrg.github.io\/ryu."},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2020.2986959"},{"key":"e_1_3_1_24_2","unstructured":"Ben Lynn. ([n. d.]). The Pairing Based Cryptography Library. Retrieved 7 Dec. 2020 from https:\/\/crypto.stanford.edu\/pbc\/."},{"key":"e_1_3_1_25_2","unstructured":"([n. d.]). OpenFlow Discovery Protocol. Retrieved 7 Dec. 
2020 from https:\/\/groups.geni.net\/geni\/wiki\/OpenFlowDiscoveryProtocol."},{"key":"e_1_3_1_26_2","unstructured":"Internet2 Community. Retrieved 20 Feb. 2021 https:\/\/internet2.edu."},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3423211.3425694"},{"key":"e_1_3_1_28_2","volume-title":"OpenFlow Switch Specification","author":"Open Networking Foundation","year":"2015","unstructured":"Open Networking Foundation. 2015. OpenFlow Switch Specification. v1.5.1."},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406229"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/2670518.2673880"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660353"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2890955.2890958"},{"key":"e_1_3_1_33_2","unstructured":"Mark Dargin. ([n. d.]). Secure your SDN controller. Retrieved 1 Jan. 2021 from https:\/\/www.networkworld.com\/article\/3245173\/secure-your-sdn-controller.html."},{"key":"e_1_3_1_34_2","unstructured":"Scott Hogg. ([n. d.]). SDN Security Attack Vectors and SDN Hardening. Retrieved 1 Jan. 2021 from https:\/\/www.networkworld.com\/article\/2840273\/sdn-security-attack-vectors-and-sdn-hardening.html."},{"key":"e_1_3_1_35_2","unstructured":"Diego Asturias. ([n. d.]). 9 Types of Software Defined Network attacks and how to protect from them. Retrieved 1 Jan. 2021 from https:\/\/www.routerfreak.com\/9-types-software-defined-network-attacks-protect\/."},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2808062.2808073"},{"key":"e_1_3_1_37_2","article-title":"A denial of service attack against the open floodlight SDN controller","author":"Dover Jeremy M.","year":"2013","unstructured":"Jeremy M. Dover. 2013. A denial of service attack against the open floodlight SDN controller. Dover Networks LCC, Edgewater, MD (2013). 
Retrieved 1 Jan., 2021 http:\/\/dovernetworks.com\/wp-content\/uploads\/2013\/12\/OpenFloodlight-12302013.pdf.","journal-title":"Dover Networks LCC, Edgewater, MD"},{"key":"e_1_3_1_38_2","unstructured":"([n. d.]). OpenFlow PacketOut. Retrieved 7 Dec. 2020 from http:\/\/flowgrammable.org\/sdn\/openflow\/message-layer\/packetout\/."},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/2876019.2876024"},{"key":"e_1_3_1_40_2","unstructured":"([n. d.]). Policy Framework for ONOS. Retrieved 7 May 2020 from https:\/\/wiki.onosproject.org\/display\/ONOS\/POLICY+FRAMEWORK+FOR+ONOS."},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656890"},{"key":"e_1_3_1_42_2","unstructured":"([n. d.]). OpenDaylight Group Based Policy. Retrieved 1 Jan. 2021 from https:\/\/docs.opendaylight.org\/en\/stable-fluorine\/user-guide\/group-based-policy-user-guide.html."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2016.11.017"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2013.6614121"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787472"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/1384609.1384625"},{"key":"e_1_3_1_47_2","unstructured":"([n. d.]). Cisco Open SDN Controller. Retrieved 7 May 2020 from http:\/\/www.cisco.com\/c\/en\/us\/products\/cloud-systems-management\/opensdn-controller\/index.html."},{"key":"e_1_3_1_48_2","unstructured":"([n. d.]). OpenDaylight. Retrieved 1 April 2020 from https:\/\/www.opendaylight.org."},{"key":"e_1_3_1_49_2","unstructured":"([n. d.]). Central Office Re-architected as a Datacenter (CORD). Retrieved 1 April 2020 from https:\/\/opencord.org\/."},{"key":"e_1_3_1_50_2","unstructured":"([n. d.]). Packet-Optical. Retrieved 1 April 2020 from https:\/\/wiki.onosproject.org\/display\/ONOS\/Packet+Optical+Convergence."},{"key":"e_1_3_1_51_2","unstructured":"([n. d.]). 
Configuring TLS for inter-controller communication. Retrieved 1 April 2020 from https:\/\/wiki.onosproject.org\/display\/ONOS\/Configuring+TLS+for+inter-controller+communication."},{"key":"e_1_3_1_52_2","unstructured":"([n. d.]). Configuring OVS connection using SSL\/TLS with self-signed certificates. Retrieved 1 April 2020 from https:\/\/wiki.onosproject.org\/pages\/viewpage.action?pageId=6358090."},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2016.12"},{"key":"e_1_3_1_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908097"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/3050220.3050224"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53426-7_9"},{"key":"e_1_3_1_57_2","first-page":"113","volume-title":"Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation","author":"Kazemian Peyman","year":"2012","unstructured":"Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header space analysis: Static checking for networks. In Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation. 113\u2013126."},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3098822.3098834"},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/iThings-GreenCom-CPSCom-SmartData.2017.88"},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/2934872.2934910"},{"key":"e_1_3_1_61_2","volume-title":"Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation","author":"Handigol Nikhil","year":"2014","unstructured":"Nikhil Handigol, Brandon Heller, Vimalkumar Jeyakumar, David Mazi\u00e8res, and Nick McKeown. 2014. I know what your packet did last hop: Using packet histories to troubleshoot networks. 
In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation."},{"key":"e_1_3_1_62_2","doi-asserted-by":"publisher","DOI":"10.7125\/APAN.35.2"},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2017.1700041"},{"key":"e_1_3_1_64_2","doi-asserted-by":"crossref","unstructured":"Arash Shaghaghi Mohamed Ali Kaafar Rajkumar Buyya and Sanjay Jha. 2020. Software-Defined Network (SDN) Data Plane Security: Issues Solutions and Future Directions. In Handbook of Computer Networks and Cyber Security . 341\u2013387.","DOI":"10.1007\/978-3-030-22277-2_14"},{"key":"e_1_3_1_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2017.7997296"},{"key":"e_1_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2014.72"},{"key":"e_1_3_1_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3415146"},{"key":"e_1_3_1_68_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-16-6890-6_10"},{"key":"e_1_3_1_69_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13369-017-2414-5"},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/SPIN.2016.7566750"},{"key":"e_1_3_1_71_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-020-02099-4"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620747"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1145\/2737924.2737980"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.1002\/ett.4460050407"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68339-9_31"},{"key":"e_1_3_1_76_2","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1985.64"},{"key":"e_1_3_1_78_2","article-title":"Distributed Key Generation in the Wild","author":"Kate Aniket","year":"2012","unstructured":"Aniket Kate, Yizhou Huang, and Ian Goldberg. 2012. Distributed Key Generation in the Wild. Cryptology ePrint Archive, Paper 2012\/377. (2012). 
Retrieved 7 Dec., 2020 from https:\/\/eprint.iacr.org\/2012\/377.","journal-title":"Cryptology ePrint Archive, Paper 2012\/377"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.5555\/866693"},{"key":"e_1_3_1_80_2","doi-asserted-by":"publisher","DOI":"10.1145\/226643.226647"},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294279"},{"key":"e_1_3_1_82_2","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294280"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1145\/3190508.3190538"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.000-5"},{"key":"e_1_3_1_85_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243853"},{"key":"e_1_3_1_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/2332432.2332490"},{"key":"e_1_3_1_87_2","doi-asserted-by":"publisher","DOI":"10.1145\/1753171.1753191"},{"key":"e_1_3_1_88_2","doi-asserted-by":"publisher","DOI":"10.1145\/279227.279229"},{"key":"e_1_3_1_89_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23040"},{"key":"e_1_3_1_90_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-004-0314-9"},{"key":"e_1_3_1_91_2","unstructured":"([n. d.]). OpenFlow Role Request Messages. Retrieved 7 Dec. 2020 from https:\/\/ryu.readthedocs.io\/en\/latest\/ofproto_v1_3_ref.html#role-request-message."},{"key":"e_1_3_1_92_2","unstructured":"Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery 802.1AB-REV Draft 6.0 IEEE Jun. 24."},{"key":"e_1_3_1_93_2","unstructured":"([n. d.]). About DETERLab. Retrieved 1 April 2020 from https:\/\/deter-project.org\/about_deterlab."},{"key":"e_1_3_1_94_2","unstructured":"([n. d.]). DETERLab PC3000 Node Information. Retrieved 1 April 2020 from https:\/\/www.isi.deterlab.net\/shownodetype.php?node_type=pc3000."},{"key":"e_1_3_1_95_2","unstructured":"([n. d.]). OpenVz. 
Retrieved 1 April 2020 from https:\/\/openvz.org\/."},{"key":"e_1_3_1_96_2","unstructured":"([n. d.]). Introducing data center fabric the next-generation Facebook data center network. Retrieved 7 May 2020 from https:\/\/code.fb.com\/production-engineering\/introducing-data-center-fabric-the-next-generation-facebook-data-center-network\/."},{"key":"e_1_3_1_97_2","unstructured":"([n. d.]). The Internet Topology Zoo. Retrieved 7 May 2020 from http:\/\/www.topology-zoo.org\/."},{"key":"e_1_3_1_98_2","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620752"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3556542","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3556542","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3556542","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:32Z","timestamp":1750186832000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3556542"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,9]]},"references-count":97,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2,28]]}},"alternative-id":["10.1145\/3556542"],"URL":"https:\/\/doi.org\/10.1145\/3556542","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,9]]},"assertion":[{"value":"2021-06-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2022-07-23","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}