A Policy-based Interaction Protocol between Software Defined Security Controller and Virtual Security Functions

2020 4th Cyber Security in Networking Conference (CSNet) Pub Date : 2020-10-21 DOI:10.1109/CSNet50428.2020.9265460

Sara Farahmandian, D. Hoang

{"title":"A Policy-based Interaction Protocol between Software Defined Security Controller and Virtual Security Functions","authors":"Sara Farahmandian, D. Hoang","doi":"10.1109/CSNet50428.2020.9265460","DOIUrl":null,"url":null,"abstract":"Cloud, Software-Defined Networking (SDN), and Network Function Virtualization (NFV) technologies have introduced a new era of cybersecurity threats and challenges. To protect cloud infrastructure, in our earlier work, we proposed Software Defined Security Service (SDS2) to tackle security challenges centered around a new policy-based interaction model. The security architecture consists of three main components: a Security Controller, Virtual Security Functions (VSF), and a Sec-Manage Protocol. However, the security architecture requires an agile and specific protocol to transfer interaction parameters and security messages between its components where OpenFlow considers mainly as network routing protocol. So, The Sec-Manage protocol has been designed specifically for obtaining policy-based interaction parameters among cloud entities between the security controller and its VSFs. This paper focuses on the design and the implementation of the Sec-Manage protocol and demonstrates its use in setting, monitoring, and conveying relevant policy-based interaction security parameters.","PeriodicalId":234911,"journal":{"name":"2020 4th Cyber Security in Networking Conference (CSNet)","volume":"442 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 4th Cyber Security in Networking Conference (CSNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSNet50428.2020.9265460","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud, Software-Defined Networking (SDN), and Network Function Virtualization (NFV) technologies have introduced a new era of cybersecurity threats and challenges. To protect cloud infrastructure, in our earlier work, we proposed Software Defined Security Service (SDS2) to tackle security challenges centered around a new policy-based interaction model. The security architecture consists of three main components: a Security Controller, Virtual Security Functions (VSF), and a Sec-Manage Protocol. However, the security architecture requires an agile and specific protocol to transfer interaction parameters and security messages between its components where OpenFlow considers mainly as network routing protocol. So, The Sec-Manage protocol has been designed specifically for obtaining policy-based interaction parameters among cloud entities between the security controller and its VSFs. This paper focuses on the design and the implementation of the Sec-Manage protocol and demonstrates its use in setting, monitoring, and conveying relevant policy-based interaction security parameters.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

一种基于策略的软件安全控制器与虚拟安全功能交互协议

云、软件定义网络(SDN)和网络功能虚拟化(NFV)技术带来了网络安全威胁和挑战的新时代。为了保护云基础设施，在我们早期的工作中，我们提出了软件定义的安全服务(SDS2)来解决以新的基于策略的交互模型为中心的安全挑战。安全架构由三个主要部分组成:安全控制器、虚拟安全功能(VSF)和安全管理协议。然而，安全架构需要一个灵活的、特定的协议来在组件之间传递交互参数和安全消息，OpenFlow主要将其视为网络路由协议。因此，Sec-Manage协议被专门设计用于获取安全控制器与其vfs之间的云实体之间基于策略的交互参数。本文重点介绍了Sec-Manage协议的设计和实现，并演示了它在设置、监控和传递相关的基于策略的交互安全参数方面的使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2020 4th Cyber Security in Networking Conference (CSNet)

自引率

0.00%

发文量