A Practical Runtime Security Policy Transformation Framework for Software Defined Networks
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:BIHV5PTYrecord.jsonopen to challenge →
read the original abstract
Software-defined networking (SDN) has been widely utilized to enforce the security of traditional networks, thereby promoting the process of transforming traditional networks into SDN networks. However, SDN-based security enforcement mechanisms rely heavily on the security policies containing the underlying information of data plane. With increasing the scale of underlying network, the current security policy management mechanism will confront more and more challenges. The security policy transformation for SDN networks is to research how to transform the high-level security policy without containing the underlying information of data plane into the practical flow entries used by the OpenFlow switches automatically, thereby implementing the automation of security policy management. Based on this insight, a practical runtime security policy transformation framework is proposed in this paper. First of all, we specify the security policies used by SDN networks as a system model of security policy (SPM). From the theoretical level, we establish the system model for SDN network and propose a formal method to transform SPM into the system model of flow entries automatically. From the practical level, we propose a runtime security policy transformation framework to solve the problem of how to find a connected path for each relationship of SPM in the data plane, as well as how to generate the practical flow entries according to the system model of flow entries. In order to validate the feasibility and effectiveness of the framework, we set up an experimental system and implement the framework with POX controller and Mininet emulator.
This paper has not been read by Pith yet.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.