Intent-Driven Security Policy Management for Software-Defined Systems

Ankur Chowdhary, Abdulhakim Sabur, Neha Vadnere, Dijiang Huang

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


Different network controllers are utilized in a multi-domain software-defined systems (SDx) to manage the networking resources. However, these controllers operate using a different high-level language (intent). Thus, the admin needs to perform cross-layer translation from the user requirements to the underlying network controller format, increasing human-in-the-loop overhead. There are two primary security and management challenges involved in managing multi-domain controllers. The first challenge is how to design an SDN controller language that can effectively convert human-specified networking policies at the control plane into the network flow rules level at the data plane. The second challenge is how to reduce the complexity of network flow rules conflict checking at the data plane. To address these challenges, we present a new intent-based security policy enforcement solution called INTPOL. First, INTPOL provides a unified intent rules that abstracts the network admin from the underlying network controller's format. Second, INTPOL develops a networking service solution to use a bounded formal model for network service compliance checking that significantly reduces the complexity of flow rules conflicts checking at the data plane level. Finally, INTPOL is expendable from a single SDN domain to multiple SDN domains and hybrid networks by applying network service function chaining (SFC) for inter-domain policy management.

Original languageEnglish (US)
Pages (from-to)5208-5223
Number of pages16
JournalIEEE Transactions on Network and Service Management
Issue number4
StatePublished - Dec 1 2022
Externally publishedYes


  • Software-defined networks (SDN)
  • bounded model checking (BMC)
  • network invariant checking
  • security policy management
  • service function chaining

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Intent-Driven Security Policy Management for Software-Defined Systems'. Together they form a unique fingerprint.

Cite this