Title :
A scalable flow rule translation implementation for software defined security
Author :
Hao Tu ; Weiming Li ; Dong Li ; Junqing Yu
Author_Institution :
Network & Comput. Center, Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Software defined networking brings many possibilities to network security, one of the most important security challenge it can help with is the possibility to make network traffic pass through specific security devices, in other words, determine where to deploy these devices logically. However, most researches focus on high level policy and interaction framework but ignored how to translate them to low-level OpenFlow rules with scalability. We analyze different actions used in common security scenarios and resource constraints of physical switch. Based on them, we propose a rule translation implementation which can optimize the resource consumption according to different actions by selecting forward path dynamically.
Keywords :
computer network security; software defined networking; common security; high level policy; low level OpenFlow rules; network security; physical switch; resource constraints; scalable flow rule translation implementation; software defined networking; software defined security; Bandwidth; Communication networks; Mirrors; Monitoring; Ports (Computers); Security; Switches; network security; softwre defined networking;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2014 16th Asia-Pacific
Conference_Location :
Hsinchu
DOI :
10.1109/APNOMS.2014.6996571
