Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #29

Byzantine Fault Tolerant Software-Defined Networking (SDN) Controllers

Karim Eldefrawy and Tyler Kaczmarek

2016 · IEEE COMPSAC, MidCCI workshop

  • Theory
  • Applied
  • protocol

What does the paper try to establish?

Can an SDN controller avoid being a single point of malicious failure by replicating control decisions with Byzantine state-machine replication while retaining usable flow-setup performance?

What is the proposed answer?

The paper integrates OpenFlowJ and Beacon with BFT-SMaRt through a per-switch proxy, producing SimpleBFT and BeaconBFT controllers that tolerate f faulty controller replicas among 3f+1 under the stated model; a four-replica Mininet prototype demonstrates feasibility but substantial and architecture-dependent throughput cost.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Medium

The paper gives a concrete architecture, threat model, security analysis, two prototypes, and comparative performance measurements. No fault injection, code artifact, independent reproduction, or formal proof audit was available.

Security analysis and quorum reasoning Mininet experiment and flow-setup results
Auditability High

The complete author-hosted paper is mirrored locally with page count and SHA-256, making design, assumptions, and reported data inspectable; implementation source and experiment package are not public in this map.

Proxy architecture and two controller prototypes Mininet experiment and flow-setup results
Production provenance Medium

Named authorship, affiliations, an author copy, and an IEEE record establish baseline provenance. Code version, contributor roles, and experimental artifact lineage are not documented.

Problem, contribution, and headline prototype result Official IEEE publication record
External scrutiny Medium

The work has an IEEE workshop publication record, but reviews, independent replication, and subsequent adversarial evaluation were not inspected.

Official IEEE publication record
Reception High

OpenAlex reports 43 located citations as of 2026-07-11, meeting the site's 11+ high threshold. Citation count alone does not establish correctness or deployment.

Dated OpenAlex citation snapshot
Contribution significance Medium

The paper demonstrates an early BFT SDN-controller integration with concrete measurements, but scale, fault-injection validation, priority, and long-term operational influence were not independently assessed.

Problem, contribution, and headline prototype result Future work, scale boundary, and conclusion

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Byzantine Fault Tolerant SDN Controllers

A replicated SDN control architecture and Java prototype that applies BFT-SMaRt to OpenFlowJ and Beacon controllers.

Problem, contribution, and headline prototype result
  1. question

    Research question

    research question

    Can the logically centralized SDN control plane tolerate malicious controllers and switches without a new centralized fault point and without prohibitive flow-setup cost?

    Problem, contribution, and headline prototype result
  2. scope Threat and system model defined

    The system contains 3f+1 controller replicas plus switch-side clients/proxies, with authenticated replica messages and BFT-SMaRt's total-order execution.

    BFT-SMaRt protocol and assumptions Controller and switch adversary model
    1. threat model

      Byzantine control and data planes

      defined

      The adversary actively corrupts up to f controller components and arbitrarily many switches, allowing message injection, replay, modification, arbitrary requests/replies, or silence.

      Controller and switch adversary model
  3. method Proxy-mediated replicated controller implemented

    A per-switch proxy translates OpenFlow Packet_In requests into BFT client requests and translates the agreed response back into Packet_Out or Flow_Mod messages.

    Proxy architecture and two controller prototypes
  4. claim group Principal claims mixed

    The paper combines quorum-based fault-tolerance reasoning with performance evidence from a proof-of-concept prototype.

    Security analysis and quorum reasoning Mininet experiment and flow-setup results
    1. claim

      Single-fault tolerance in tested configuration

      analytically supported conditional

      With four controller replicas, no one compromised replica can make a client accept an unsolicited or incorrect action because the client requires two identical replies and consensus quorums remain available.

      Security analysis and quorum reasoning
    2. claim

      Measured flow-setup cost

      experimentally supported

      SimpleBFT reports 59.3 flow modifications/s versus OpenFlowJ's 106.9 (about 1.8× slower); BeaconBFT reports 87.0 versus Beacon's 550.6 (about 6.3× slower).

      Mininet experiment and flow-setup results
  5. evidence group Evidence chain documented

    Evidence consists of architecture diagrams, quorum analysis inherited from BFT-SMaRt, two implementations, and comparative Mininet flow-setup measurements.

    Proxy architecture and two controller prototypes Security analysis and quorum reasoning Mininet experiment and flow-setup results
    1. evidence

      Mininet proof-of-concept

      reported not reproduced

      The test uses 64 hosts and 63 switches in a binary tree, a reactive empty-table workload, four controller replicas, and flow setup duration, delay, and rate metrics; no fault-injection result is reported.

      Mininet experiment and flow-setup results
  6. limitation group Boundaries and limitations material

    The source explicitly treats the implementation as a proof of concept and says it is not ready for large-scale networks with tens of thousands of flow changes per second.

    Problem, contribution, and headline prototype result Future work, scale boundary, and conclusion
  7. scrutiny

    External scrutiny

    publication recorded

    The paper was published at the IEEE COMPSAC MidCCI workshop; reviews, independent replications, and later security evaluations were not audited.

    Official IEEE publication record

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, contribution, and headline prototype result Abstract and Section I, PDF pages 1-2
  2. BFT-SMaRt protocol and assumptions Section II.B, PDF pages 2-3
  3. Controller and switch adversary model Section II.C, PDF page 3
  4. Proxy architecture and two controller prototypes Section III and Figures 2-3, PDF pages 3-4
  5. Security analysis and quorum reasoning Section IV, PDF pages 4-5
  6. Mininet experiment and flow-setup results Section V and Table I, PDF page 5
  7. Future work, scale boundary, and conclusion Sections VII-VIII, PDF pages 6-7
  8. Official IEEE publication record COMPSAC Workshops 2016
  9. Dated OpenAlex citation snapshot cited_by_count = 43, accessed 2026-07-11