The OpenFlow paradigm embraces third-party development efforts, and therefore suffers from potential attacks that usurp the excessive privileges of control plane applications. Such privilege abuse could lead to various attacks impacting the entire administrative domain. In this project, we design SDNShield, an access control system that helps network administrators to express and enforce only the minimum required privileges to individual controller applications. SDNShield achieves this goal through (i) fine-grained permission abstractions that allow accurate representation of application behavior boundary, and (ii) automatic security policy reconciliation that incorporate security policies specified by administrators into the requested permissions. Through prototype implementation, we verify its effectiveness against proof-of-concept attacks. Performance evaluation shows that SDNShield introduces negligible runtime overhead.