Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks
Abstract: For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This undoubtedly places a heavy burden on the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN; this center is physically decoupled from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services that meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions, which help achieve effective security protection while placing only a small burden on the SDN controller.
Lin, Z.; Tao, D.; Wang, Z. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks. Sensors 2017, 17, 920.
Lin Z, Tao D, Wang Z. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks. Sensors. 2017; 17(4):920.
Lin, Zhaowen; Tao, Dan; Wang, Zhenji. 2017. "Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks." Sensors 17, no. 4: 920.
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers.