A Framework for Managing User-defined Security Policies to Support Network Security Functions

  • Authors: Eunsoo Kim, Kuyju Kim, Seungjin Lee, Jaehoon Paul Jeong, Hyoungshick Kim
  • Published 5 January 2018
  • Computer Science
  • Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication
Network Functions Virtualization (NFV) and Software Defined Networking (SDN) make it easier for security administrators to manage security policies on a network system. However, it is still challenging to map high-level security policies defined by users into low-level security policies that can be applied to network security devices. To address this problem, we introduce a framework for effectively managing user-defined security policies for network security functions based on standard…
1 Citation
Balancing security and performance in communication between the control and data planes in software-defined networks (Balanceamento entre segurança e desempenho na comunicação entre os planos de controle e dados em redes definidas por software)
Currently, encryption is used as a standard to protect data traffic over the Internet. For example, in a software-defined network, it is possible to protect the communication channel of the…


A flexible architecture for orchestrating network security functions to support high-level security policies
This work proposes a generic architecture for security management service based on Network Security Functions (NSF) using NFV that allows users to define their security requirements in a user-friendly manner by providing the users with high-level security interfaces that do not require specific information about network resources and protocols.
Security challenges with network functions virtualization
An overview of NFV is provided, potentially serious security threats on NFV are discussed, effective countermeasures to mitigate those threats are introduced and some practical solutions are suggested to provide a trustworthy platform for NFV.
Client Interface for Security Controller: A Framework for Security Policy Requirements
This document provides a framework and information model for the definition of northbound interfaces for a security controller. The interfaces are based on user-intent instead of vendor-specific or…
Enhancing Network Security through Software Defined Networking (SDN)
This systematic survey on SDN security investigates how the new features provided by SDN can help enhance network security and information security process and hopes to provide new insights for future research in this important area.
Framework for Interface to Network Security Functions
This document describes the framework for Interface to Network Security Functions (I2NSF) and defines a reference model (including major functional components) for I2NSF. Network Security Functions…
A framework for translating a high level security policy into low level security mechanisms
A framework of an automation process that translates a high level security policy into low level security mechanisms and extends the organization based access control (OrBAC) model to include not only access control policy but also some other administrative security policies like auditing policy is introduced.
Using Software-Defined Networking for Ransomware Mitigation: The Case of CryptoWall
The design of an SDN-based system is described, implemented using OpenFlow, that facilitates a timely reaction to this threat, and is a crucial factor in the case of crypto ransomware.
Extending Networking into the Virtualization Layer
This work describes how Open vSwitch can be used to tackle problems such as isolation in joint-tenant environments, mobility across subnets, and distributing configuration and visibility across hosts.
NFV: state of the art, challenges, and implementation in next generation mobile networks (vEPC)
In order to reduce signaling traffic and achieve better performance, this article proposes a criterion to bundle multiple functions of a virtualized evolved packet core in a single physical device or a group of adjacent devices.
DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions
Distributed denial-of-service (DDoS) attacks have become a weapon of choice for hackers, cyber extortionists, and cyber terrorists. These attacks can swiftly incapacitate a victim, causing huge…