SDS<inf>2</inf>: A novel software-defined security service for protecting cloud computing infrastructure

Publication Type:
Conference Proceeding
Citation:
2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017, 2017, 2017-January pp. 1 - 8
Issue Date:
2017-12-08
Full metadata record
Files in This Item:
Filename Description Size
DH Software-Defined Security service_paper.pdfAccepted Manuscript version656.14 kB
Adobe PDF
© 2017 IEEE. Software-Defined Infrastructure (SDI) is a resource sharing infrastructure that embraces the concept of separation of the network control plane from its data plane, and software realization of network functions from the underlying hardware appliances through the virtualization technology in emerging infrastructures such as Cloud, Network Function Virtualization (NFV), and Software-Defined Networking (SDN). Virtualization and virtualized infrastructures bring with them new challenges regarding security and virtual resources protection. Traditional security measures and endpoint security are no longer adequate due to invisible boundaries created among shared logical and virtual entities among numerous users. This paper introduces a software-defined security service (SDS2) for protecting cloud infrastructures. SDS2focuses on defining security concerns regarding physical and virtual boundaries of data, resources, tenants and detecting security breaches through violations of boundaries. Boundaries are defined by security policies and security violations by attackers are predicted, monitored, and detected when boundaries are crossed. This paper describes SDS2and presents its initial implementation. The paper provides examples of policy-defined boundaries and shows the effectiveness and feasibility of our design in detecting invisible security boundaries through simulation of a security control structure and agile, dynamic, and intelligent VSFs.
Please use this identifier to cite or link to this item: