Title
ACLFLOW: An NFV/SDN Security Framework for Provisioning and Managing Access Control Lists
Abstract
Router Access Control Lists (ACLs) are a traditional way to selectively filter traffic in cloud computing. However, a large number of rules may be required, whereas the storage capacity of router Ternary Content Addressable Memories (TCAMs) is scarce and expensive. This paper proposes a Network Functions Virtualization (NFV)/Software-Defined Networking (SDN) security framework, named ACLFLOW. ACLFLOW (i) translates regular ACLs (source/destination IP, source/destination port, and protocol) into OpenFlow filtering rules; (ii) creates and manages large OpenFlow ACLs on distributed software switches, which act as security virtual network functions (named OpenFlow VNF-ACLs), to address the TCAM storage capacity problem; (iii) implements a proposed algorithm that dynamically prioritizes the most popular rules to accelerate switching operations; and (iv) orchestrates and accelerates the deployment of NFV/SDN environments into production clouds. We have implemented a framework prototype on the Open Platform for NFV (OPNFV) and evaluated its performance using different tools and scenarios. Results show that OpenFlow VNF-ACL improves maximum throughput by up to 90%, its HTTP request rates are up to 50% better, and it reduces Round Trip Time (RTT) by 70% when its performance is compared with stateless iptables running in virtual machines. Moreover, the proposed algorithm dynamically improves the HTTP request rate of the flows with the highest traffic volume by 15% and reduces RTT by 25% when compared with ACLFLOW without prioritization.
Year
2018
DOI
10.1109/NOF.2018.8598136
Venue
2018 9th International Conference on the Network of the Future (NOF)
Keywords
switching operations, production clouds, OpenFlow VNF-ACL, virtual machines, OpenFlow filtering rules, distributed software switches, security virtual network functions, TCAM storage capacity problem, NFV security framework, SDN security framework, access control list provisioning, access control list management, router access control lists, cloud computing, router ternary content addressable memories, network functions virtualization security framework, software-defined networking security framework, ACLFLOW, regular ACL, source-destination IP, source-destination port, OpenFlow ACL, HTTP request rate, traffic volume
Field
Virtual network, Virtual machine, Computer science, Computer network, Provisioning, OpenFlow, Access control, Throughput, Router, Cloud computing
DocType
Conference
ISSN
2377-8652
ISBN
978-1-5386-8504-4
Citations
1
PageRank
0.36
References
13
Authors
3