Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Cloud computing provides new facilities for building elaborate services hosted on various infrastructures across the Internet. At the same time, these services raise significant new security challenges because of their intrinsic nature. In this paper we detail a software-defined security framework that supports the protection of such services in the context of distributed cloud. These services require security mechanisms able to cope with their multi-tenancy and multi-cloud properties. The framework is founded on software-defined logic, used to express security policies and propagate them to the cloud resources concerned, and on the autonomic paradigm, used to dynamically configure and adjust the resulting security mechanisms to the constraints of distributed cloud. In particular, we describe the main components and protocols of this software-defined security framework, evaluate it, and discuss implementation considerations through the analysis of several realistic scenarios.
