Title
A flexible architecture for orchestrating network security functions to support high-level security policies.
Abstract
Network Functions Virtualization (NFV) has provided a new way to design and deploy network security services, but it may fail to build a practically useful ecosystem that seamlessly integrates network security services if there is no standard interface between them. We propose a generic architecture for security management service based on Network Security Functions (NSF) using NFV. The proposed architecture allows users to define their security requirements in a user-friendly manner by providing the users with high-level security interfaces that do not require specific information about network resources and protocols. We design basic components (e.g., Security policy manager, NSF capability manager, Application logic, Policy updater and Event collector) and interfaces for the proposed architecture. We introduce three use cases: (1) blacklists of dangerous domains, (2) time-dependent access control policies and (3) detection of suspicious calls for VoIP-VoLTE services. We also explain how to implement our proposed architecture with an illustrative example. Furthermore, we discuss several technical challenges to deploy the proposed architecture in a real network environment.
Year: 2017
DOI: 10.1145/3022227.3022270
Venue: IMCOM
Field: Network security policy, Distributed System Security Architecture, Computer science, Computer security, Computer network, Security service, Cloud computing security, Security information and event management, Enterprise information security architecture, Network Access Control, Computer security model
DocType: Conference
Citations: 3
PageRank: 0.51
References: 6
Authors: 5
Name              Order  Citations  PageRank
Sanghak Oh        1      5          0.89
Eunsoo Kim        2      3          1.18
Jaehoon Jeong     3      387        34.96
Hoon Ko           4      58         19.15
Hyoungshick Kim   5      226        32.27