Algorithm 1 Sensing layer algorithm for east–west interface trust evaluation

Require: Set of SDN controllers $C=\{C_1,C_2,\dots ,C_n\}$, Probing frequency $f_p={\displaystyle \frac{1}{\Delta t}}$,    Threshold trust value $\theta$, Public key $K_{pub}$ of blockchain node Ensure: Encrypted trust dataset ${\mathsf{\Psi }}_{enc}$, Trust evaluation report $T_r$   1: Initialize metric set $M=\varnothing$, timestamp $t=0$   2: for each controller $C_i\in C$ do   3:     Initialize local metric buffer $M_i=\varnothing$   4: end for   5: while network is active do   6:     for each controller $C_i\in C$ do   7:         Sample trust-critical parameters ${\mathbf{m}}_t=[{\mathrm{PDR}}_t,L_t,{\mathrm{CMI}}_t,R{C}_t,BA{S}_t]$   8:         Record timestamp $t\leftarrow t+\Delta t$   9:         Append $(t,{\mathbf{m}}_t)$ to $M_i$   10:        if anomaly detected in ${\mathbf{m}}_t$ then   11:            Increase probing frequency $f_p\leftarrow f_p+\delta$   12:        else   13:            Restore probing frequency $f_p\leftarrow {\displaystyle \frac{1}{\Delta t}}$   14:         end if   15:         Compress ${\mathbf{m}}_t$ using CABAC: ${\widehat{\mathbf{m}}}_t\leftarrow \mathrm{CABAC}\left({\mathbf{m}}_t\right)$   16:         Encrypt ${\widehat{\mathbf{m}}}_t$: $E_t\leftarrow En{c}_{K_{pub}}\left({\widehat{\mathbf{m}}}_t\right)$   17:         Generate integrity hash: $h_t\leftarrow \mathcal{H}\left(E_t\right)$   18:         Create secure packet: ${\mathsf{\Psi }}_{enc}^t\leftarrow \{E_t,h_t\}$   19:         Send ${\mathsf{\Psi }}_{enc}^t$ to blockchain verifier   20:     end for   21:     for each received ${\mathsf{\Psi }}_{enc}^t$ at blockchain layer do   22:         Decrypt $E_t$ using $K_{priv}$, validate hash $h_t$   23:         if $\mathcal{H}\left(E_t\right)=h_t$ then   24:            Validate sender identity via smart contract SC   25:            if identity ∈ registry and signature matches then   26:                Approve trust record: $T_r\leftarrow T_r\cup \{C_i,t,{\mathbf{m}}_t\}$   27:                Send ACK to $C_i$   28:            else   29:               Mark $C_i$ as malicious   30:                Remove $C_i$ from network set C   31:            end if   32:         else   33:            Reject data: Integrity violation   34:         end if   35:     end for   36: end while   37: return Final encrypted trust dataset ${\mathsf{\Psi }}_{enc}$ and report $T_r$