A Practical Runtime Security Policy Transformation Framework for Software Defined Networks

by Yunfei Meng, et al.

Software-defined networking (SDN) has been widely used to enforce security in traditional networks, which has accelerated the migration of traditional networks to SDN. However, SDN-based security enforcement mechanisms rely heavily on security policies that embed low-level information about the data plane, and as the underlying network grows the current approach to security policy management faces mounting challenges. Security policy transformation for SDN networks studies how to automatically transform a high-level security policy, which carries no data-plane details, into the practical flow entries used by OpenFlow switches, thereby automating security policy management. Based on this insight, this paper proposes a practical runtime security policy transformation framework. First, we specify the security policies used by SDN networks as a system model of security policy (SPM). At the theoretical level, we establish a system model of the SDN network and propose a formal method to transform the SPM into a system model of flow entries automatically. At the practical level, we propose a runtime security policy transformation framework that addresses how to find a connected path in the data plane for each relationship of the SPM, and how to generate practical flow entries according to the system model of flow entries. To validate the feasibility and effectiveness of the framework, we set up an experimental system and implement the framework with the POX controller and the Mininet emulator.
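The two practical steps the abstract names, finding a connected data-plane path for each SPM relationship and emitting per-switch flow entries from it, can be shown end to end with a small transformation. The following is an added example written for this page, not the paper's framework or POX code: it assumes an SPM relationship is a (subject host, object host, allowed protocol/port) triple, models the data plane as an undirected graph of hosts and switches, and represents flow entries as dicts with OpenFlow-style match fields (in_port, dl_type, nw_src, nw_dst, nw_proto, tp_dst) and an output action. The topology, host addresses and policy are constructed sample data.

```python
"""Added example (not the paper's code): minimal SPM -> flow-entry transformation.

Assumptions (ours, not the paper's): an SPM relationship is
(subject host, object host, allowed protocol/port); the data plane is an
undirected graph of hosts and switches; switch names start with "s"; flow
entries are dicts with OpenFlow-style match fields and an output action.
All topology, addresses and policy below are constructed sample data.
"""
from collections import deque

# Constructed sample topology. Each link is (node_a, port_on_a, node_b, port_on_b).
LINKS = [
    ("h1", 0, "s1", 1),
    ("h2", 0, "s3", 1),
    ("h3", 0, "s2", 2),
    ("s1", 2, "s2", 1),
    ("s2", 3, "s3", 2),
    ("s1", 3, "s3", 3),
]

# Constructed sample SPM: subject may reach object over the given protocol/port.
# Anything not listed is denied by a default drop rule installed on every switch.
SPM = [
    ("h1", "h2", {"nw_proto": 6, "tp_dst": 80}),   # h1 -> h2 over TCP/80
    ("h3", "h2", {"nw_proto": 6, "tp_dst": 443}),  # h3 -> h2 over TCP/443
]

HOST_ADDRS = {"h1": "10.0.0.1", "h2": "10.0.0.2", "h3": "10.0.0.3"}


def build_graph(links):
    """Adjacency map: node -> {neighbour: port on node that faces neighbour}."""
    graph = {}
    for a, pa, b, pb in links:
        graph.setdefault(a, {})[b] = pa
        graph.setdefault(b, {})[a] = pb
    return graph


def find_path(graph, src, dst):
    """BFS for a connected path from src to dst; None if no path exists."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph.get(node, {}):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def flow_entries_for_relationship(graph, subject, obj, match):
    """Translate one SPM relationship into one flow entry per switch on its path.

    Each interior switch matches the relationship's L3/L4 fields plus the port
    the traffic arrives on and forwards toward the next hop. A missing path is
    an error, so an unenforceable relationship is never silently skipped.
    """
    path = find_path(graph, subject, obj)
    if path is None:
        raise ValueError(f"no connected path for {subject} -> {obj}")
    entries = []
    for i in range(1, len(path) - 1):          # path[0] and path[-1] are hosts
        prev_node, switch, next_node = path[i - 1], path[i], path[i + 1]
        entries.append({
            "switch": switch,
            "priority": 100,
            "match": {
                "in_port": graph[switch][prev_node],
                "dl_type": 0x0800,                 # IPv4
                "nw_src": HOST_ADDRS[subject],
                "nw_dst": HOST_ADDRS[obj],
                **match,
            },
            "actions": [("output", graph[switch][next_node])],
        })
    return entries


def transform_spm(links, spm):
    """Whole SPM -> flow table per switch, each ending in a low-priority default drop."""
    graph = build_graph(links)
    tables = {n: [] for n in graph if n.startswith("s")}   # assumption: switches are s*
    for subject, obj, match in spm:
        for entry in flow_entries_for_relationship(graph, subject, obj, match):
            tables[entry["switch"]].append(entry)
    for switch in tables:
        # Wildcard match with an empty action list drops the packet in OpenFlow.
        tables[switch].append({"switch": switch, "priority": 0, "match": {}, "actions": []})
    return tables


if __name__ == "__main__":
    for switch, table in sorted(transform_spm(LINKS, SPM).items()):
        print(switch)
        for e in table:
            print("  ", e["priority"], e["match"], e["actions"])
```

Two caveats a practitioner should keep in mind: the entries above only admit the request direction, so a real deployment also needs the reverse entries (matching tp_src on the return path) or a stateful controller component, and the default-drop rule is what makes the SPM a whitelist; without it, an OpenFlow switch's table-miss behaviour (typically sending the packet to the controller or dropping it, depending on configuration) decides what unlisted traffic does.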


Related papers:
A Security Policy Model Transformation and Verification Approach for Software Defined Networking
A Policy based Security Architecture for Software Defined Networks
SDN-based Runtime Security Enforcement Approach for Privacy Preservation of Dynamic Web Service Composition
MLSNet: A Policy Complying Multilevel Security Framework for Software Defined Networking
Fault Localization in Large-Scale Network Policy Deployment
MPLS-based Reduction of Flow Table Entries in SDN Switches Supporting Multipath Transmission
Software defined networking flow admission and routing under minimal security constraints