Security policy checking in distributed SDN based clouds
Title | Security policy checking in distributed SDN based clouds |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Pisharody, S., Chowdhary, A., Huang, D. |
Conference Name | 2016 IEEE Conference on Communications and Network Security (CNS) |
Date Published | Oct. 2016 |
Publisher | IEEE |
ISBN Number | 978-1-5090-3065-1 |
Keywords | application deployment, centralized implementation, cloud computing, cloud computing environment, Collaboration, computer centres, computer network security, Conferences, conflict free environment, control systems, Cross Layer Security, cross-layer conflict, decentralized network management, distributed SDN based cloud, dynamic topology change, governance, Government, multitenant data center environment, network control separation, Network topology, open systems, organizational security policy, policy, policy-based governance, proof-of-concept prototype, pubcrawl, security, security policies, security policy checking, security policy management, Software Defined Network, software defined networking, telecommunication network topology, Topology |
Abstract | Separation of network control from devices in Software Defined Network (SDN) allows for centralized implementation and management of security policies in a cloud computing environment. The ease of programmability also makes SDN a great platform for the implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. Dynamic change of network topology, or host reconfiguration in such networks, might require corresponding changes to the flow rules in the SDN based cloud environment. Verifying adherence of these new flow policies in the environment to the organizational security policies and ensuring a conflict free environment is especially challenging. In this paper, we extend the work on rule conflicts from a traditional environment to an SDN environment, introducing a new classification to describe conflicts stemming from cross-layer conflicts. Our framework ensures that in any SDN based cloud, flow rules do not have conflicts at any layer; thereby ensuring that changes to the environment do not lead to unintended consequences. We demonstrate the correctness, feasibility and scalability of our framework through a proof-of-concept prototype. |
URL | https://ieeexplore.ieee.org/document/7860466 |
DOI | 10.1109/CNS.2016.7860466 |
Citation Key | pisharody_security_2016 |
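The abstract describes checking newly installed flow rules against each other and against organizational policy for conflicts, including conflicts that only appear once rules written at different layers (an L2 MAC match versus an L3 IP match) are compared. The following is an added illustration of that kind of check, written for this page; it is not the authors' framework or prototype. It assumes OpenFlow-style priorities (higher number wins), uses the classic firewall rule-conflict classes (shadowing, redundancy, generalization, correlation) that the abstract says the paper extends, and models the cross-layer step as lifting L2-only rules to L3 through a constructed MAC-to-IP host table; the host table, the rule names and the sample rules are all constructed for the example, and the exact cross-layer semantics in the paper may differ.

```python
"""Illustrative SDN flow-rule conflict checker (not the paper's code)."""
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations
from typing import Optional

# Constructed MAC -> IP host table, standing in for the controller's host tracker.
# Assumption for this example; a real checker would query the SDN controller.
HOST_TABLE = {
    "00:00:00:00:00:01": "10.0.0.1",
    "00:00:00:00:00:02": "10.0.1.5",
}
ANY_NET = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                   # OpenFlow-style: higher number wins
    action: str                     # "allow" or "drop"
    src_mac: Optional[str] = None   # L2 match fields
    dst_mac: Optional[str] = None
    src_ip: Optional[str] = None    # L3 match fields (host or CIDR)
    dst_ip: Optional[str] = None
    proto: Optional[str] = None     # L4 match fields
    dst_port: Optional[int] = None


def _net(ip, mac):
    """Canonical L3 prefix for one side of a rule. An L2-only rule is lifted to
    L3 via the host table so L2 and L3 rules become comparable (the cross-layer
    step). An unresolvable MAC falls back to 'any', the conservative choice."""
    if ip is not None:
        return ip_network(ip, strict=False)
    if mac is not None and mac in HOST_TABLE:
        return ip_network(HOST_TABLE[mac])
    return ANY_NET


def canonical(r: Rule):
    return (_net(r.src_ip, r.src_mac), _net(r.dst_ip, r.dst_mac), r.proto, r.dst_port)


EQ, A_IN_B, B_IN_A, OVERLAP, DISJOINT = "eq", "a<b", "a>b", "overlap", "disjoint"


def _net_rel(a, b):
    if a == b:
        return EQ
    if a.subnet_of(b):
        return A_IN_B
    if b.subnet_of(a):
        return B_IN_A
    return DISJOINT                 # IPv4 prefixes either nest or are disjoint


def _scalar_rel(a, b):
    if a == b:
        return EQ                   # same value, or both wildcards
    if b is None:
        return A_IN_B               # a is specific, b is a wildcard
    if a is None:
        return B_IN_A
    return DISJOINT


def relation(a: Rule, b: Rule) -> str:
    """Set relation between the match spaces of a and b."""
    ca, cb = canonical(a), canonical(b)
    rels = {_net_rel(ca[0], cb[0]), _net_rel(ca[1], cb[1]),
            _scalar_rel(ca[2], cb[2]), _scalar_rel(ca[3], cb[3])}
    if DISJOINT in rels:
        return DISJOINT
    if rels == {EQ}:
        return EQ
    if rels <= {EQ, A_IN_B}:
        return A_IN_B
    if rels <= {EQ, B_IN_A}:
        return B_IN_A
    return OVERLAP                  # partial overlap on different dimensions


def classify(a: Rule, b: Rule):
    """Return (winner, loser, kind) for a conflicting pair, else None."""
    if a.priority == b.priority:
        hi, lo = sorted((a, b), key=lambda r: r.name)      # deterministic order
    else:
        hi, lo = (a, b) if a.priority > b.priority else (b, a)
    rel = relation(hi, lo)
    if rel == DISJOINT:
        return None
    same = hi.action == lo.action
    if hi.priority == lo.priority and not same:
        return (hi.name, lo.name, "ambiguous")   # OpenFlow leaves the winner undefined
    if rel in (EQ, B_IN_A):         # lo's match space lies entirely inside hi's
        return (hi.name, lo.name, "redundancy" if same else "shadowing")
    if rel == A_IN_B:               # hi is a strict exception carved out of lo
        return (hi.name, lo.name, "redundancy" if same else "generalization")
    return None if same else (hi.name, lo.name, "correlation")


def audit(rules):
    """Pairwise check of a rule set; returns sorted (winner, loser, kind) findings."""
    return sorted(f for a, b in combinations(rules, 2) if (f := classify(a, b)))


# Constructed sample: P1 is a tenant-isolation policy, F1..F4 are flow rules.
RULES = [
    Rule("P1", 1000, "drop", src_ip="10.0.0.0/24", dst_ip="10.0.1.0/24"),
    Rule("F1", 100, "allow", src_ip="10.0.0.1", dst_ip="10.0.1.5", proto="tcp", dst_port=443),
    Rule("F2", 200, "allow", src_mac="00:00:00:00:00:01", dst_mac="00:00:00:00:00:02"),
    Rule("F3", 300, "allow", src_ip="10.0.0.0/25", dst_ip="10.0.2.0/24"),
    Rule("F4", 300, "drop", src_ip="10.0.0.0/24", dst_ip="10.0.2.0/24", proto="tcp"),
]

if __name__ == "__main__":
    for winner, loser, kind in audit(RULES):
        print(f"{kind:12s} {winner} over {loser}")
```

Two findings are worth reading closely. F2 is written purely in L2 terms and would never be flagged against the L3 policy P1 without the host-table lifting; once lifted it is shadowed by P1, which is the kind of cross-layer conflict the abstract points to. F3 and F4 overlap only partially at equal priority with opposite actions, so which one wins is left undefined by the switch, and the checker reports that as ambiguous rather than guessing.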