Visible to the public A Flexible Architecture for Orchestrating Network Security Functions to Support High-level Security Policies

Submitted by grigby1 on Wed, 02/21/2018 - 12:43pm
TitleA Flexible Architecture for Orchestrating Network Security Functions to Support High-level Security Policies
Publication TypeConference Paper
Year of Publication2017
AuthorsOh, Sanghak, Kim, Eunsoo, Jeong, Jaehoon(Paul), Ko, Hoon, Kim, Hyoungshick
Conference NameProceedings of the 11th International Conference on Ubiquitous Information Management and Communication
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4888-1
KeywordsNetwork Security Architecture, NFV, NSF, pubcrawl, resilience, Resiliency, security management, security policy
AbstractNetwork Functions Virtualization (NFV) has provided a new way to design and deploy network security services, but it may fail to build a practically useful ecosystem that seamlessly integrates network security services if there is no standard interface between them. We propose a generic architecture for security management service based on Network Security Functions (NSF) using NFV. The proposed architecture allows users to define their security requirements in a user-friendly manner by providing the users with high-level security interfaces that do not require specific information about network resources and protocols. We design basic components (e.g., Security policy manager, NSF capability manager, Application logic, Policy updater and Event collector) and interfaces for the proposed architecture. We introduce three use cases: (1) blacklists of dangerous domains, (2) time-dependent access control policies and (3) detection of suspicious calls for VoIP-VoLTE services. We also explain how to implement our proposed architecture with an illustrative example. Furthermore, we discuss several technical challenges to deploy the proposed architecture in a real network environment.
URLhttp://doi.acm.org/10.1145/3022227.3022270
DOI10.1145/3022227.3022270
Citation Keyoh_flexible_2017
Groups: