A Dynamic Service Identity-Based Security Policy Consistency Checking Mechanism in SDN
2023 IEEE INTERNATIONAL CONFERENCES ON INTERNET OF THINGS, ITHINGS IEEE GREEN COMPUTING AND COMMUNICATIONS, GREENCOM IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING, CPSCOM IEEE SMART DATA, SMARTDATA AND IEEE CONGRESS ON CYBERMATICS,CYBERMATICS(2024)
Abstract
Service Function Chaining (SFC) is the basic business model in a Virtualization of Network Functions (VNF) scenario, which enables the provision of customized network services, including security services such as resiliently deployed stateless firewalls, load balancers, and Intrusion Detection and Prevention Systems (IDPS). However, conflicting security policies during service matching and operation enforcement may lead to problems such as policy inconsistency, forwarding loop, and information leakage. To solve these problems, the paper takes a global view of the SDN controller and configures unique service identifiers and authentication keys for policy enforcers. At the same time, a probabilistic path authentication identifier is inserted for the packet using programming protocol-independent packet processors (P4) language and combined with a symmetric key-based authentication algorithm to realize the policy checking mechanism. In this way, the consistency of the SDN controller security policy can be ensured in terms of both the consistency of the SDN flow table rules and the consistency of the enforced policies in the service function chain. The experimental results show that our mechanism can effectively ensure the consistency of security policies under the premise of ensuring acceptable throughput and delay overhead.
MoreTranslated text
Key words
Software-Defined Networking (SDN),Network Functions Virtualization (NFV),Service Function Chaining (SFC),Policy consistency checking,P4,Path verification
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined