SDN-based Runtime Security Enforcement Approach for Privacy Preservation of Dynamic Web Service Composition

by Yunfei Meng, et al.

Aiming at the privacy preservation of dynamic Web service composition, this paper proposes an SDN-based runtime security enforcement approach for privacy preservation of dynamic Web service composition. The main idea of this approach is that the owner of the service composition uses a security policy model (SPM) to define, in the application plane, the access control relationships that the service composition must comply with; the SPM model is then transformed into a low-level security policy model (RSPM) that contains the information of the SDN data plane, and the RSPM model is uploaded into the SDN controller. After uploading, the virtual machine access control algorithm integrated in the SDN controller monitors all access requests towards the service composition at runtime. Only access requests that meet the definition of the RSPM model are forwarded to the target terminal; any access request that does not meet the definition of the RSPM model is automatically blocked by OpenFlow switches or deleted by the SDN controller. Thus, this approach can effectively solve the problems of network-layer illegal accesses, identity theft attacks and service leakages when the Web service composition is running. In order to verify the feasibility of this approach, this paper implements an experimental system using the POX controller and the Mininet virtual network simulator, and evaluates the effectiveness and performance of the approach using this system. The final experimental results show that the method is completely effective, and that it always obtains the correct calculation results in an acceptable time as the scale of the RSPM model gradually increases.
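The abstract describes a two-stage mechanism: a high-level SPM written in terms of service names is transformed into a low-level RSPM written in terms of data-plane addresses, and the controller then checks every access request against the RSPM at runtime. The following Python is an added illustration of that pipeline, not the paper's code and not POX: the data model (an identity bound to an IP/MAC pair, an endpoint as IP/port/protocol), the service names, addresses and sample requests are all constructed here as assumptions, and the controller's three outcomes (forward, block at the switch, discard at the controller) are modelled as string verdicts.

```python
"""Simplified SPM -> RSPM transformation and runtime access check.

Added illustration of the approach described in the abstract. The policy
model, address bindings and requests below are constructed assumptions,
not artefacts from the paper's experimental system.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Endpoint = Tuple[str, int, str]  # (dst_ip, dst_port, proto) -- hypothetical shape


@dataclass(frozen=True)
class Identity:
    """A requester in the composition, bound to an IP/MAC pair."""
    ip: str
    mac: str


@dataclass(frozen=True)
class AccessRequest:
    """Fields the controller would extract from a packet-in event."""
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_port: int
    proto: str


@dataclass
class RSPM:
    """Low-level policy: which endpoints each bound identity may reach."""
    rules: Dict[Identity, FrozenSet[Endpoint]]
    ip_to_mac: Dict[str, str]  # expected MAC for every IP that appears in the policy


def spm_to_rspm(spm: Dict[str, List[str]],
                hosts: Dict[str, Identity],
                endpoints: Dict[str, Endpoint]) -> RSPM:
    """Transform the name-based SPM into the address-based RSPM."""
    rules = {hosts[caller]: frozenset(endpoints[c] for c in callees)
             for caller, callees in spm.items()}
    ip_to_mac = {ident.ip: ident.mac for ident in hosts.values()}
    return RSPM(rules=rules, ip_to_mac=ip_to_mac)


def decide(rspm: RSPM, req: AccessRequest) -> str:
    """Runtime check of one access request against the RSPM.

    DROP:*   -> packet discarded by the controller, nothing installed
    BLOCK:*  -> drop rule installed on the switch
    FORWARD  -> forwarding rule installed on the switch
    """
    expected_mac = rspm.ip_to_mac.get(req.src_ip)
    if expected_mac is None:
        return "DROP:unknown-source"        # host is not part of the composition
    if expected_mac != req.src_mac:
        return "DROP:identity-mismatch"     # known IP presented with a foreign MAC
    allowed = rspm.rules.get(Identity(req.src_ip, req.src_mac), frozenset())
    if (req.dst_ip, req.dst_port, req.proto) in allowed:
        return "FORWARD"
    return "BLOCK:policy-denied"            # valid identity, endpoint not permitted


def flow_rule(req: AccessRequest, verdict: str) -> Optional[Dict[str, object]]:
    """Match/action pair the controller would push for a non-DROP verdict."""
    if verdict.startswith("DROP"):
        return None                         # controller deletes the packet itself
    match = {"nw_src": req.src_ip, "dl_src": req.src_mac, "nw_dst": req.dst_ip,
             "tp_dst": req.dst_port, "nw_proto": req.proto}
    action = "output:normal" if verdict == "FORWARD" else "drop"
    return {"match": match, "action": action}


# Constructed sample composition: an order service may call payment and inventory.
HOSTS = {
    "order": Identity("10.0.0.1", "00:00:00:00:00:01"),
    "payment": Identity("10.0.0.2", "00:00:00:00:00:02"),
    "inventory": Identity("10.0.0.3", "00:00:00:00:00:03"),
}
ENDPOINTS = {
    "payment": ("10.0.0.2", 8080, "tcp"),
    "inventory": ("10.0.0.3", 8081, "tcp"),
}
SPM = {"order": ["payment", "inventory"], "payment": [], "inventory": []}
RSPM_MODEL = spm_to_rspm(SPM, HOSTS, ENDPOINTS)


def evaluate(rspm: RSPM, requests: List[AccessRequest]) -> List[str]:
    """Verdict for each request, in order."""
    return [decide(rspm, r) for r in requests]


if __name__ == "__main__":
    sample = [
        AccessRequest("10.0.0.1", "00:00:00:00:00:01", "10.0.0.2", 8080, "tcp"),
        AccessRequest("10.0.0.3", "00:00:00:00:00:03", "10.0.0.2", 8080, "tcp"),
        AccessRequest("10.0.0.9", "00:00:00:00:00:09", "10.0.0.2", 8080, "tcp"),
        AccessRequest("10.0.0.1", "00:00:00:00:00:99", "10.0.0.2", 8080, "tcp"),
    ]
    for req, verdict in zip(sample, evaluate(RSPM_MODEL, sample)):
        print(f"{req.src_ip}/{req.src_mac} -> {req.dst_ip}:{req.dst_port}: {verdict}", flow_rule(req, verdict))
```

The default-deny shape is the point: a request is forwarded only when the sender's IP/MAC binding is known and the exact destination endpoint appears in that identity's rule set, so a host outside the composition, a known IP presented with the wrong MAC, and a legitimate host reaching past its permitted endpoints all take different denial paths that can be logged and counted separately.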




A Practical Runtime Security Policy Transformation Framework for Software Defined Networks

Software-defined networking (SDN) has been widely utilized to enforce th...

B-DAC: A Decentralized Access Control Framework on Northbound Interface for Securing SDN Using Blockchain

Software-Defined Network (SDN) is a new arising terminology of network a...

Dynamic Service-Orientation for Software-Defined In-Vehicle Networks

Modern In-Vehicle Networks (IVNs) are composed of a large number of devi...

SUPC: SDN enabled Universal Policy Checking in Cloud Network

Multi-tenant cloud networks have various security and monitoring service...

P4Filter: A two level defensive mechanism against attacks in SDN using P4

The advancements in networking technologies have led to a new paradigm o...

Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection

The choice of password composition policy to enforce on a password-prote...

Gargoyle: A Network-based Insider Attack Resilient Framework for Organizations

'Anytime, Anywhere' data access model has become a widespread IT policy ...
