SUPC: SDN enabled Universal Policy Checking in Cloud Network
Title | SUPC: SDN enabled Universal Policy Checking in Cloud Network |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Chowdhary, Ankur, Alshamrani, Adel, Huang, Dijiang |
Conference Name | 2019 International Conference on Computing, Networking and Communications (ICNC) |
Date Published | Feb |
Keywords | cloud computing, composability, computer network security, conflict checking mechanism, Dynamic Networks and Security, dynamic SFC composition, Firewalls (computing), Metrics, Middleboxes, monitoring service functions, multitenant cloud networks, network function virtualization, Network Function Virtualization (NFV), NFV, policy conflicts, Protocols, pubcrawl, Resiliency, SDN enabled universal policy checking, security breaches, Security Policies Analysis, Security Policy Conflicts, service function chain, Service Function Chaining (SFC), SF rule ordering overlaps, SF rules, Software Defined Network, Software Defined Network (SDN), software defined networking, SUPC, Virtual private networks, virtualisation |
Abstract | Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network. |
DOI | 10.1109/ICCNC.2019.8685550 |
Citation Key | chowdhary_supc_2019 |