Abstract

Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.

Original language: English (US)
Title of host publication: 2019 International Conference on Computing, Networking and Communications, ICNC 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 572-576
Number of pages: 5
ISBN (Electronic): 9781538692233
DOIs: https://doi.org/10.1109/ICCNC.2019.8685550
State: Published - Apr 8 2019
Event: 2019 International Conference on Computing, Networking and Communications, ICNC 2019 - Honolulu, United States
Duration: Feb 18 2019 to Feb 21 2019

Publication series

Name: 2019 International Conference on Computing, Networking and Communications, ICNC 2019

Conference

Conference: 2019 International Conference on Computing, Networking and Communications, ICNC 2019
Country: United States
City: Honolulu
Period: 2/18/19 to 2/21/19

Fingerprint

Chemical analysis
Software defined networking
Availability
Monitoring
Compliance
Network function virtualization

Keywords

  • Network Function Virtualization (NFV)
  • Security Policy Conflicts
  • Service Function Chaining (SFC)
  • Software Defined Network (SDN)

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Hardware and Architecture

Cite this

Chowdhary, A., Alshamrani, A., & Huang, D. (2019). SUPC: SDN enabled Universal Policy Checking in Cloud Network. In 2019 International Conference on Computing, Networking and Communications, ICNC 2019 (pp. 572-576). [8685550] (2019 International Conference on Computing, Networking and Communications, ICNC 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCNC.2019.8685550

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

@inproceedings{abec3716b1f74b4b9da7443c61e26fce,
title = "SUPC: SDN enabled Universal Policy Checking in Cloud Network",
abstract = "Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.",
keywords = "Network Function Virtualization (NFV), Security Policy Conflicts, Service Function Chaining (SFC), Software Defined Network (SDN)",
author = "Ankur Chowdhary and Adel Alshamrani and Dijiang Huang",
year = "2019",
month = "4",
day = "8",
doi = "10.1109/ICCNC.2019.8685550",
language = "English (US)",
series = "2019 International Conference on Computing, Networking and Communications, ICNC 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "572--576",
booktitle = "2019 International Conference on Computing, Networking and Communications, ICNC 2019",

}

TY - GEN

T1 - SUPC

T2 - SDN enabled Universal Policy Checking in Cloud Network

AU - Chowdhary, Ankur

AU - Alshamrani, Adel

AU - Huang, Dijiang

PY - 2019/4/8

Y1 - 2019/4/8

AB - Multi-tenant cloud networks have various security and monitoring service functions (SFs) that constitute a service function chain (SFC) between two endpoints. SF rule ordering overlaps and policy conflicts can cause increased latency, service disruption and security breaches in cloud networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework, to provide 1) Flow Composition and Ordering by translating various SF rules into the OpenFlow format. This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules. Our results show a significant reduction in SF rules on composition. Additionally, our conflict checking mechanism was able to identify several rule conflicts that pose security, efficiency, and service availability issues in the cloud network.

KW - Network Function Virtualization (NFV)

KW - Security Policy Conflicts

KW - Service Function Chaining (SFC)

KW - Software Defined Network (SDN)

UR - http://www.scopus.com/inward/record.url?scp=85064974392&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064974392&partnerID=8YFLogxK

U2 - 10.1109/ICCNC.2019.8685550

DO - 10.1109/ICCNC.2019.8685550

M3 - Conference contribution

AN - SCOPUS:85064974392

T3 - 2019 International Conference on Computing, Networking and Communications, ICNC 2019

SP - 572

EP - 576

BT - 2019 International Conference on Computing, Networking and Communications, ICNC 2019

PB - Institute of Electrical and Electronics Engineers Inc.

ER -