SDS2: A novel software-defined security service for protecting cloud computing infrastructure

Publication Type:
Conference Proceeding
Citation:
2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017, 2017, 2017-January pp. 1 - 8
Issue Date:
2017-12-08
© 2017 IEEE. Software-Defined Infrastructure (SDI) is a resource sharing infrastructure that embraces the concept of separation of the network control plane from its data plane, and software realization of network functions from the underlying hardware appliances through the virtualization technology in emerging infrastructures such as Cloud, Network Function Virtualization (NFV), and Software-Defined Networking (SDN). Virtualization and virtualized infrastructures bring with them new challenges regarding security and virtual resources protection. Traditional security measures and endpoint security are no longer adequate due to invisible boundaries created among shared logical and virtual entities among numerous users. This paper introduces a software-defined security service (SDS2) for protecting cloud infrastructures. SDS2 focuses on defining security concerns regarding physical and virtual boundaries of data, resources, tenants and detecting security breaches through violations of boundaries. Boundaries are defined by security policies and security violations by attackers are predicted, monitored, and detected when boundaries are crossed. This paper describes SDS2 and presents its initial implementation. The paper provides examples of policy-defined boundaries and shows the effectiveness and feasibility of our design in detecting invisible security boundaries through simulation of a security control structure and agile, dynamic, and intelligent VSFs.