Automated Factorization of Security Chains in Software-Defined Networks

Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, and Stephan Merz

Abstract

Software-defined networking (SDN) offers new perspectives with respect to the programmability of networks and services. In particular in the area of security management, it may serve as a support for building and deploying security chains in order to protect devices that may have limited resources. These security chains are typically composed of different security functions, such as firewalls, intrusion detection systems, or data leakage prevention mechanisms. In previous work, we suggested the use of techniques for learning automata as a basis for generating security chains. However, the complexity and the high number of these chains induce significant deployment and orchestration costs. In this paper, we propose and evaluate algorithms for merging and simplifying these security chains in software-defined networks, while keeping acceptable accuracy. We first describe the overall system supporting the generation and factorization of the security chains. We then present the different algorithms supporting their merging, and finally we evaluate the solution through an extensive set of experiments.

Available as: PDF

Reference

@inproceedings{schnepf:factorization,
  TITLE = {Automated Factorization of Security Chains in Software-Defined Networks},
  AUTHOR = {Schnepf, Nicolas and Badonnel, R{\'e}mi and Lahmadi, Abdelkader and Merz, Stephan},
  BOOKTITLE = {IFIP/IEEE Intl. Symp. Integrated Network Management (IM 2019)},
  pages = {374--380},
  editor    = {Joe Betser and
               Carol J. Fung and
               Alex Clemm and
               J{\'{e}}r{\^{o}}me Fran{\c{c}}ois and
               Shingo Ata},
  publisher = {IFIP},
  ADDRESS = {Washington, United States},
  YEAR = {2019},
}