Open Access Article
Sensors 2017, 17(4), 920; doi:10.3390/s17040920

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks

Lin, Z. 1,2,3,†, Tao, D. 4,5,†,* and Wang, Z. 4

1 Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
2 Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Beijing University of Posts and Telecommunications, Beijing 100876, China
3 National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
4 School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
5 Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China
† These authors contributed equally to this work.
* Author to whom correspondence should be addressed.
Academic Editors: Yunchuan Sun, Zhipeng Cai and Antonio Jara
Received: 25 February 2017 / Revised: 18 April 2017 / Accepted: 19 April 2017 / Published: 21 April 2017

Abstract

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. Existing security solutions for SDN mainly focus on the controller itself, which has to handle all security protection tasks by using the programmability of the network. This undoubtedly places a heavy burden on the controller. Worse, once the controller itself is attacked, the entire network is paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN; this center is physically decoupled from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions into security services that meet users' requirements. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions, which achieve effective security protection while placing only a small burden on the SDN controller.
Keywords: software defined network; security service; service composition; RETE
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

MDPI and ACS Style

Lin, Z.; Tao, D.; Wang, Z. Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks. Sensors 2017, 17, 920.

Sensors, EISSN 1424-8220, published by MDPI AG, Basel, Switzerland.