Automated Factorization of Security Chains in Software-Defined Networks

Nicolas Schnepf 1, 2 Rémi Badonnel 1 Abdelkader Lahmadi 1 Stephan Merz 2
1 RESIST - Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
2 VERIDIS - Modeling and Verification of Distributed Algorithms and Systems
MPII - Max-Planck-Institut für Informatik, Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Software-defined networking (SDN) offers new perspectives with respect to the programmability of networks and services. In particular in the area of security management, it may serve as a support for building and deploying security chains in order to protect devices that may have limited resources. These security chains are typically composed of different security functions, such as firewalls, intrusion detection systems, or data leakage prevention mechanisms. In previous work, we suggested the use of techniques for learning automata as a basis for generating security chains. However, the complexity and the high number of these chains induce significant deployment and orchestration costs. In this paper, we propose and evaluate algorithms for merging and simplifying these security chains in software-defined networks, while keeping acceptable accuracy. We first describe the overall system supporting the generation and factorization of the security chains. We then present the different algorithms supporting their merging, and finally we evaluate the solution through an extensive set of experiments.
Document type :
Conference papers
Complete list of metadatas

Cited literature [13 references]  Display  Hide  Download

https://hal.inria.fr/hal-02111656
Contributor : Rémi Badonnel <>
Submitted on : Friday, April 26, 2019 - 10:46:10 AM
Last modification on : Friday, May 3, 2019 - 9:26:29 AM

File

camera-ready.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02111656, version 1

Citation

Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, Stephan Merz. Automated Factorization of Security Chains in Software-Defined Networks. IFIP/IEEE IM 2019 - IFIP/IEEE International Symposium on Integrated Network Management, Apr 2019, Washington, United States. ⟨hal-02111656⟩

Share

Metrics

Record views

53

Files downloads

284