Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure
| Title | Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Karmakar, K. K., Varadharajan, V., Tupakula, U., Hitchens, M. |
| Conference Name | NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium |
| Date Published | April 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-4973-8 |
| Keywords | authorisation, business communication, composability, computer network management, computer network security, different security mechanisms, dynamic changes, dynamic networks, dynamic policy enhanced integrated security architecture, dynamic policy framework, Dynamical Systems, enterprise network security, Metrics, network attacks, network devices, Network Security Architecture, networking arena, Performance analysis, policy-based approach, Policy-based Security Architecture, Predictive Metrics, pubcrawl, resilience, Resiliency, SDN based enterprise networks, SDN infrastructure, SDN security, secure SDN, security attacks, security measures, security policies, software defined networking, telecommunication security |
| Abstract | Enterprise networks are increasingly moving towards Software Defined Networking, which is becoming a major trend in the networking arena. With the increased popularity of SDN, there is a greater need for security measures for protecting the enterprise networks. This paper focuses on the design and implementation of an integrated security architecture for SDN based enterprise networks. The integrated security architecture uses a policy-based approach to coordinate different security mechanisms to detect and counteract a range of security attacks in the SDN. A distinguishing characteristic of the proposed architecture is its ability to deal with dynamic changes in the security attacks as well as changes in trust associated with the network devices in the infrastructure. The adaptability of the proposed architecture to dynamic changes is achieved by having feedback between the various security components/mechanisms in the architecture and managing them using a dynamic policy framework. The paper describes the prototype implementation of the proposed architecture and presents security and performance analysis for different attack scenarios. We believe that the proposed integrated security architecture provides a significant step towards achieving a secure SDN for enterprises. |
| URL | https://ieeexplore.ieee.org/document/9110405 |
| DOI | 10.1109/NOMS47738.2020.9110405 |
| Citation Key | karmakar_towards_2020 |
- SDN infrastructure
- Network Security Architecture
- networking arena
- Performance analysis
- policy-based approach
- Policy-based Security Architecture
- pubcrawl
- resilience
- SDN based enterprise networks
- network devices
- SDN security
- secure SDN
- security attacks
- security measures
- security policies
- software defined networking
- telecommunication security
- Dynamical Systems
- network attacks
- Metrics
- Enterprise Network Security
- dynamic policy framework
- dynamic policy enhanced integrated security architecture
- dynamic networks
- dynamic changes
- different security mechanisms
- computer network security
- computer network management
- business communication
- authorisation
- composability
- Predictive Metrics
- Resiliency