A Security Policy Model Transformation and Verification Approach for Software Defined Networking

by Yunfei Meng, et al.

Software-defined networking (SDN) has been adopted to enforce the security of large-scale and complex networks because of its programmability, abstraction, centralized intelligent control, and global, real-time view of traffic. However, current SDN-based security enforcement mechanisms require network managers to fully understand the underlying configuration of the network. Given the increasingly large and complex SDN networks, a security policy management mechanism is needed that is completely transparent to any underlying information: it should let network managers define upper-level security policies that contain no underlying network information, and, by means of a model transformation system, these upper-level policies should be transformed automatically into corresponding lower-level policies that do contain the underlying information. Moreover, it should ensure that the system model updated with the generated lower-level policies still holds all of the security properties defined in the upper-level policies. Based on these insights, this paper proposes a security policy model transformation and verification approach for SDN. We first give the formal definition of a security policy model (SPM), which can be used to specify the security policies used in SDN. We then propose a model transformation system based on the SDN system model and a set of mapping rules, which enables network managers to convert an SPM model automatically into the corresponding underlying network configuration policies, i.e., a flow table model (FTM). To verify that the SDN system model updated with the generated FTM models holds the security properties defined in the SPM models, we design a security policy verification system based on model checking. Finally, we use a comprehensive case study to illustrate the feasibility of the proposed approach.
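The pipeline the abstract describes (an upper-level SPM that names only roles, a transformation system that resolves it against the SDN system model into per-switch flow tables, and a model check that the updated system model still satisfies the policy) can be sketched in a small working example. The Python below is an added example written for this page, not code from the paper: the topology, the role-based policy, the two mapping rules and the flow-entry format are constructed assumptions, and the checker is a plain state exploration over the flow tables rather than the paper's model checker. The last lines also show the check catching an FTM from which the drop entries were lost, which is the failure mode the verification step exists to detect.

```python
"""Added example (not from the paper): toy SPM -> FTM transformation plus a
reachability model check over the generated flow tables. Topology, policy and
mapping rules are constructed assumptions for illustration only."""
from collections import deque

# SDN system model (constructed): host -> (ip, attached switch, port, role)
HOSTS = {
    "h1": ("10.0.0.1", "s1", 1, "guest"),
    "h2": ("10.0.0.2", "s1", 2, "staff"),
    "h3": ("10.0.0.3", "s2", 1, "server"),
}
LINKS = {("s1", 3): ("s2", 2), ("s2", 2): ("s1", 3)}  # (switch, port) -> peer

# Upper-level SPM (constructed): refers to roles only, no IPs, ports or switches
SPM = [{"subject": "guest", "object": "server", "action": "deny"}]


def adjacency():
    adj = {}
    for (sw, _), (peer, _) in LINKS.items():
        adj.setdefault(sw, set()).add(peer)
    for _, sw, _, _ in HOSTS.values():
        adj.setdefault(sw, set())
    return adj


def next_hop(src_sw, dst_sw):
    """BFS shortest-path next hop from src_sw towards dst_sw (None if local)."""
    if src_sw == dst_sw:
        return None
    adj, seen, q = adjacency(), {src_sw}, deque([(src_sw, None)])
    while q:
        sw, first = q.popleft()
        for nb in adj[sw]:
            if nb in seen:
                continue
            f = first or nb
            if nb == dst_sw:
                return f
            seen.add(nb)
            q.append((nb, f))
    return None


def out_port(sw, peer):
    return next(p for (s, p), (t, _) in LINKS.items() if s == sw and t == peer)


def transform(spm, hosts):
    """Mapping rules (assumed): (1) per-destination forwarding on every switch;
    (2) for each denied (subject, object) host pair resolved from the system
    model, a higher-priority drop entry at the subject's ingress switch."""
    ftm = {sw: [] for sw in {h[1] for h in hosts.values()}}
    for sw in ftm:
        for ip, dsw, dport, _ in hosts.values():
            hop = next_hop(sw, dsw)
            port = dport if hop is None else out_port(sw, hop)
            ftm[sw].append({"prio": 10, "dst": ip, "act": ("out", port)})
    for rule in spm:
        if rule["action"] != "deny":
            continue
        for sip, ssw, _, srole in hosts.values():
            for dip, _, _, drole in hosts.values():
                if srole == rule["subject"] and drole == rule["object"]:
                    ftm[ssw].append({"prio": 20, "src": sip, "dst": dip,
                                     "act": ("drop",)})
    return ftm


def reaches(ftm, hosts, src, dst):
    """Explore the switch states one packet visits, always taking the
    highest-priority matching entry; a revisited switch is a forwarding loop."""
    sip, sw, _, _ = hosts[src]
    dip, dsw, dport, _ = hosts[dst]
    seen = set()
    while sw not in seen:
        seen.add(sw)
        entries = [e for e in ftm.get(sw, [])
                   if e.get("src", sip) == sip and e.get("dst", dip) == dip]
        if not entries:
            return False                      # table miss: packet dropped
        e = max(entries, key=lambda e: e["prio"])
        if e["act"][0] == "drop":
            return False
        port = e["act"][1]
        if (sw, port) not in LINKS:           # host-facing port
            return sw == dsw and port == dport
        sw, _ = LINKS[(sw, port)]
    return False                              # loop detected


def verify(ftm, spm, hosts):
    """Check every host pair against the SPM: denied pairs must be unreachable,
    every other pair must stay reachable. Returns the list of violations."""
    denied = {(s, d) for r in spm if r["action"] == "deny"
              for s in hosts for d in hosts
              if hosts[s][3] == r["subject"] and hosts[d][3] == r["object"]}
    bad = []
    for s in hosts:
        for d in hosts:
            if s != d and reaches(ftm, hosts, s, d) == ((s, d) in denied):
                bad.append((s, d, "reachable" if (s, d) in denied else "unreachable"))
    return bad


if __name__ == "__main__":
    ftm = transform(SPM, HOSTS)
    print(verify(ftm, SPM, HOSTS))            # []: the FTM satisfies the SPM
    broken = {sw: [e for e in es if e["act"] != ("drop",)] for sw, es in ftm.items()}
    print(verify(broken, SPM, HOSTS))         # [('h1', 'h3', 'reachable')]
```

The check is deliberately two-sided: a transformation that "secures" the network by dropping everything would pass a deny-only check, so the verifier also requires that every pair the SPM does not deny remains reachable, which is the property a network manager actually relies on after deployment.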



