End-to-End Security for SDN Controllers in Distributed K8s Environments for Fog and Cloud

Khan, A; Nanda, P

End-to-End Security for SDN Controllers in Distributed K8s Environments for Fog and Cloud

Khan, A Nanda, P

Permalink

Publisher:: IGI Global
Publication Type:: Journal Article
Citation:: International Journal of Cloud Applications and Computing, 2026, 16, (1), pp. 1-30
Issue Date:: 2026-01-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Accepted versionAdobe PDF (2.58 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Khan, A
dc.contributor.author	Nanda, P https://orcid.org/0000-0002-5748-155X
dc.date.accessioned	2026-05-27T02:18:45Z
dc.date.available	2026-05-27T02:18:45Z
dc.date.issued	2026-01-01
dc.identifier.citation	International Journal of Cloud Applications and Computing, 2026, 16, (1), pp. 1-30
dc.identifier.issn	2156-1834
dc.identifier.issn	2156-1826
dc.identifier.uri	http://hdl.handle.net/10453/195157
dc.description.abstract	The deployment of software-defined networking (SDN) in distributed Kubernetes environments across fog and cloud systems introduces complex security challenges. Traditional approaches often fail to ensure secure, resource-efficient control-plane operations and verifiable node coordination at scale. This study proposes a three-layered security framework: (a) flexible control plan (FCP) integrates lightweight SDN controllers with runtime attestation for trusted execution in resource-constrained fog nodes; (b) secure software-defined offloading (SSDO) enforces encrypted, policy-driven inter-node communication and signature verification to prevent unauthorized coordination; and (c) sentinel-adaptive intrusion detection (SAID) uses an unsupervised deep learning autoencoder to detect anomalies and identify zero-day threats. Combined, these layers offer scalable, adaptive, and real-time security for distributed SDN-Kubernetes environments.
dc.language	ng
dc.publisher	IGI Global
dc.relation.ispartof	International Journal of Cloud Applications and Computing
dc.relation.isbasedon	10.4018/IJCAC.398931
dc.rights	info:eu-repo/semantics/openAccess
dc.subject.classification	4604 Cybersecurity and privacy
dc.subject.classification	4606 Distributed computing and systems software
dc.title	End-to-End Security for SDN Controllers in Distributed K8s Environments for Fog and Cloud
dc.type	Journal Article
utslib.citation.volume	16
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	University of Technology Sydney/UTS Groups
pubs.organisational-group	University of Technology Sydney/UTS Groups/Cyber Digital Centre (CDC)
pubs.organisational-group	University of Technology Sydney/UTS Groups/The Trustworthy Digital Society
utslib.copyright.status	open_access	*
dc.rights.license	This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). To view a copy of this license, visit https://creativecommons.org/licenses/by/4.0/
dc.date.updated	2026-05-27T02:18:43Z
pubs.issue	1
pubs.publication-status	Published
pubs.volume	16
utslib.citation.issue	1

Abstract:

The deployment of software-defined networking (SDN) in distributed Kubernetes environments across fog and cloud systems introduces complex security challenges. Traditional approaches often fail to ensure secure, resource-efficient control-plane operations and verifiable node coordination at scale. This study proposes a three-layered security framework: (a) flexible control plan (FCP) integrates lightweight SDN controllers with runtime attestation for trusted execution in resource-constrained fog nodes; (b) secure software-defined offloading (SSDO) enforces encrypted, policy-driven inter-node communication and signature verification to prevent unauthorized coordination; and (c) sentinel-adaptive intrusion detection (SAID) uses an unsupervised deep learning autoencoder to detect anomalies and identify zero-day threats. Combined, these layers offer scalable, adaptive, and real-time security for distributed SDN-Kubernetes environments.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/195157