A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking

XIONG Gang; HU Yuxiang; DUAN Tong; LAN Julong

doi:10.11999/JEIT150876

Volume 38 Issue 5

May 2016

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2016 > 38(5): 1234-1241

XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876

Citation:

XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876

Citation:

PDF( 2075 KB)

A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking

doi: 10.11999/JEIT150876

Funds:

The National Basic Research Program of China (2012CB315901, 2013CB329104), The National Natural Science Foundation of China (61309019, 61372121), The National High Technology Research and Development Program of China (2013AA013505)

Received Date: 2015-07-21
Rev Recd Date: 2015-12-18
Publish Date: 2016-05-19

Abstract

Abstract

The close relationship between the network security function and the hardware devices causes the static rigidity of the traditional security service mode, which is difficult to meet the various security requirement of future network business development. Based on the features of the Software Defined Networking (SDN), a dynamic composition mechanism is proposed for the Composable Security Service Chain (CSSC). First, the overall framework is introduced, and a mathematical model about the composition problem is established by the vector space and integer programming. Then, a heuristic algorithm is designed for solving the model, and the prototype is achieved in SDN environment. Finally, the results of the experiments show that the proposed algorithm outperforms the compared ones, and the advantage of the CSSC is validated by the simulation.
- Software Defined Networking (SDN),
- Security service,
- Atomic ability,
- Function composition

FullText(HTML)

References(26)

References

兰巨龙, 程东年, 胡宇翔. 可重构信息通信基础网络体系研究

[J]. 通信学报, 2014, 35(1): 64-76. doi: 10.3969/j.issn. 1000- 436x.2014.01.015.

LAN J L, CHENG D N, and HU Y X. Research on reconfigurable information communication basal network architecture[J]. Journal on Communications, 2014, 35(1): 64-76. doi: 10.3969/j.issn.1000-436x.2014.01.015.

PAUL S, PAN J L, and JAIN R. Architectures for the future networks and next generation internet: a survey[J]. Computer Communications, 2011, 34(1): 2-42. doi: 10.1016/j.comcom. 2010.08.001.

黄韬, 刘江, 霍如, 等. 未来网络体系架构研究综述[J]. 通信学报, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.

HUANG T, LIU J, HUO R, et al. Survey of research on future network architectures[J]. Journal on Communications, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.

张宏科, 罗洪斌. 智慧协同网络体系基础研究[J]. 电子学报, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn.0372-2112. 2013.07.001.

ZHANG H K and LUO H B. Fundamental research on theories of smart and cooperative network[J]. Acta Electronica Sinica, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn. 0372-2112. 2013.07.001.

MCKEOWN N, ANDERSON T, BALAKRISHAN H, et al. OpenFlow: Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69-74. doi: 10.1145/1355734.1355746.

左青云, 陈鸣, 赵广松, 等. 基于OpenFlow的SDN技术研究[J]. 软件学报, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.

ZUO Q Y, CHEN M, ZHAO G S, et al. Research on OpenFlow-based SDN technologies[J]. Journal of Software, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.

周烨, 杨旭, 李勇, 等. 基于分类的软件定义网络流表更新一致性方案[J]. 电子与信息学报, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.

ZHOU Y, YANG X, LI Y, et al. Classification based consistent flow update scheme in software defined network[J]. Journal of Electronics Information Technology, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.

CHIOSI M, CLARKE D, WILLIS P, et al. Network functions virtualization-introductory white paper[R]. SDN and OpenFlow World Congress, Germany, 2012.

SHIN S, PORRAS P, YEGNESWARAN V, et al. FRESCO: modular composable security services for software-defined networks[C]. Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2013: 1-16.

QAZI Z, TU C C, and CHIANG L. SIMPLE-fying middlebox policy enforcement using SDN[C]. Proceedings of the ACM SIGCOMM13, Hong Kong, China, 2013: 27-38.

LEE W, CHOI Y H, and KIM N. Study on virtual service chain for secure software defined networking[J]. Advanced Science and Technology Letters, 2013, 29(13): 177-180.

GUSHCHIN A, WALID A, and TANG A. Scalable routing in SDN-enabled networks with consolidated middleboxes[C]. Proceedings of the HotMiddlebox15, London, United Kingdom, 2015: 55-60.

CHENG G Z, CHEN H C, CHEN S Q, et al. How to make network nodes adaptive?[J]. IEEE Communications Letters, 2014, 18(3): 515-518. doi: 10.1109/LCOMM.2014.011714. 132622.

AARON G J, RAAJAY V, CHAITHAN P, et al. OpenNF: enabling innovation in network function control[C]. Proceedings of the ACM SIGCOMM14, Chicago, IL, USA, 2014: 163-174.

ISO7498-2. Information processing systems-open systems interconnection basic reference model-part 2: security architecture[S]. British Standard, 1989.

陈杰, 刘建伟, 王蒙蒙, 等. 基于安全基片的可重构网络安全管控机制[J]. 电信科学, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.

CHEN J, LIU J W, WANG M M, et al. Security substrate based security management and control mechanism of reconfigurable network[J]. Telecommunications Science, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.

MOORE R. Global optimization to prescribed accuracy[J]. Computers Mathematics with Applications, 1991, 21(6/7): 2539. doi: 10.1016/0898-1221(91)90158-Z.

Gibb G. NetFPGA-10G project [OL]. https://github.com/ NetFPGA/NetFPGA-public/wiki, 2014.

GEBERT S, PRIES R, SCHLOSSER D, et al. Internet access traffic measurement and analysis[J]. LNCS, 2012, 7189: 2942. doi: 10.1007/978-3-642-28534-9_3.

Relative Articles

Supplements(0)

Cited By

Proportional views