Improving network security through SDN in cloud scenarios

The recent emergence of cloud enabled applications raises security concerns increasingly, since more and more personal and company data is outsourced. The security of single systems and services was broadly treated in the past. Cloud systems and services require a more detailed observation of their security requirements and fulfillment, since a huge amount of services and systems coexist on one virtualization layer without knowing other systems on the same layer. Only the cloud provider has a rare idea of these systems´ behavior in his own cloud environment. Therefore this work proposes a network security approach which is aware of all existing systems and services hosted by at least one cloud provider. The main idea is to maintain a logically centralized database that provides latest security related information about each system or service. Using this knowledge base, our approach ponders a systems´ security score, security requirements given by the systems´ owners and the cloud provider, and reconfigures the network accordingly to meet the security requirements for every system. In addition, the reconfiguration process can be used to redirect traffic to additional security systems, in order to obtain more detailed information about a system and therefore increase the accuracy of the specific systems´ security score.