Access Control Lists (ACL) are critical to protecting network and cyber-physical systems. Traditional firewalls mostly use reactive methods to enforce ACLs, so that new ACL updates cannot take effect immediately. In this paper, based on our previous work, we propose CPACK, an intelligent cyber-physical access control kit, which uses a smart algorithm to upgrade the ACL list. CPACK adopts a proactive way to enforce ACL and reacts to a new ACL update and network view update in real time. We implement CPACK on both Floodlight and ONOS controller. We then conduct a large number of experiments to compare CPACK with the Floodlight firewall application. The experimental results show that CPACK has a better performance than the existing Floodlight firewall application. CPACK is also integrated into the new version of Floodlight and ONOS controller.
Keywords: Access Control List (ACL); ONOS; Software-Defined Networking (SDN); floodlight; security.