TY - GEN
T1 - SUPC
T2 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
AU - Chowdhary, Ankur
AU - Alshamrani, Adel
AU - Huang, Dijiang
N1 - Funding Information:
This research is based upon work supported by the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/4/8
Y1 - 2019/4/8
N2 - Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.
AB - Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.
KW - Network Function Virtualization (NFV)
KW - Security Policy Conflicts
KW - Service Function Chaining (SFC)
KW - Software Defined Network (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85064974392&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85064974392&partnerID=8YFLogxK
U2 - 10.1109/ICCNC.2019.8685550
DO - 10.1109/ICCNC.2019.8685550
M3 - Conference contribution
AN - SCOPUS:85064974392
T3 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
SP - 572
EP - 576
BT - 2019 International Conference on Computing, Networking and Communications, ICNC 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 February 2019 through 21 February 2019
ER -