{"title":"用于软件定义安全性的可伸缩流规则转换实现","authors":"Hao Tu, Weiming Li, Dong Li, Junqing Yu","doi":"10.1109/APNOMS.2014.6996571","DOIUrl":null,"url":null,"abstract":"Software defined networking brings many possibilities to network security, one of the most important security challenge it can help with is the possibility to make network traffic pass through specific security devices, in other words, determine where to deploy these devices logically. However, most researches focus on high level policy and interaction framework but ignored how to translate them to low-level OpenFlow rules with scalability. We analyze different actions used in common security scenarios and resource constraints of physical switch. Based on them, we propose a rule translation implementation which can optimize the resource consumption according to different actions by selecting forward path dynamically.","PeriodicalId":269952,"journal":{"name":"The 16th Asia-Pacific Network Operations and Management Symposium","volume":"114 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A scalable flow rule translation implementation for software defined security\",\"authors\":\"Hao Tu, Weiming Li, Dong Li, Junqing Yu\",\"doi\":\"10.1109/APNOMS.2014.6996571\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software defined networking brings many possibilities to network security, one of the most important security challenge it can help with is the possibility to make network traffic pass through specific security devices, in other words, determine where to deploy these devices logically. However, most researches focus on high level policy and interaction framework but ignored how to translate them to low-level OpenFlow rules with scalability. We analyze different actions used in common security scenarios and resource constraints of physical switch. 
Based on them, we propose a rule translation implementation which can optimize the resource consumption according to different actions by selecting forward path dynamically.\",\"PeriodicalId\":269952,\"journal\":{\"name\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"volume\":\"114 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2014.6996571\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 16th Asia-Pacific Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2014.6996571","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A scalable flow rule translation implementation for software defined security
Software defined networking brings many possibilities to network security. One of the most important security challenges it can help with is making network traffic pass through specific security devices, in other words, determining where to deploy these devices logically. However, most research focuses on high-level policy and interaction frameworks but ignores how to translate them into low-level OpenFlow rules with scalability. We analyze the different actions used in common security scenarios and the resource constraints of physical switches. Based on them, we propose a rule translation implementation which can optimize resource consumption according to different actions by selecting the forwarding path dynamically.