SecaaS Framework and Architecture: A Design of Dynamic Packet Control

This paper introduces the SecaaS framework, a solution that allows security vendors to move their business into the cloud. Tenants of the SecaaS framework can then freely choose among various security products depending on their own business requirements. The framework uses the OpenFlow protocol to control tenants' data paths and to forward their data through a chain of subscribed services before it goes out to the Internet. This paper also proposes the OpenFlow Dynamic Packet Control (ODPC) system, which optimizes the network stability and performance of our system when a new service is added or an existing service is removed. The ODPC system, which works as an application, calculates the cost of delay for data paths inside our network and sets up the path that guarantees the minimum delay for each tenant. The contributions of this paper include a solution to the vendor lock-in limitation of other SecaaS architectures. Moreover, this architecture is also considered a solution for small-scale security vendors to move their products into the cloud. A proof of concept for the SecaaS framework is also presented through demonstration. Furthermore, the ODPC system is considered one of our efforts to improve network performance in our system.
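
An added illustration of the minimum-delay path selection that the abstract attributes to ODPC; this is not code from the paper, and the topology, delay values, service names and the layered Dijkstra search are assumptions made here. It finds the lowest-delay path that still traverses every subscribed service in order, so a shorter link that bypasses the security chain is never selected.

```python
import heapq

# Constructed topology: link delays in ms between hypothetical switches.
LINKS = {("s1", "s2"): 2, ("s1", "s3"): 5, ("s2", "s3"): 1,
         ("s2", "s4"): 7, ("s3", "s4"): 2, ("s4", "gw"): 1, ("s1", "gw"): 1}
# Constructed placement: service -> {switch: processing delay in ms}.
INSTANCES = {"firewall": {"s2": 3, "s3": 1}, "ids": {"s4": 4, "s2": 9}}

def min_delay_chain_path(links, instances, src, dst, chain):
    """Return (delay, hops) for the cheapest src->dst path that passes through
    every service in `chain`, in order. Each hop is (switch, services_done).
    Raises ValueError when no path can satisfy the whole chain."""
    adj = {}
    for (a, b), d in links.items():          # links are bidirectional
        adj.setdefault(a, []).append((b, d))
        adj.setdefault(b, []).append((a, d))
    start = (src, 0)
    best, prev, heap = {start: 0}, {}, [(0, start)]
    while heap:
        cost, state = heapq.heappop(heap)
        if cost > best.get(state, float("inf")):
            continue                          # stale heap entry
        node, done = state
        # Egress only counts once the full chain has been traversed.
        if node == dst and done == len(chain):
            hops = [state]
            while hops[-1] in prev:
                hops.append(prev[hops[-1]])
            return cost, hops[::-1]
        # Move to a neighbouring switch, staying in the same chain layer.
        moves = [((nxt, done), d) for nxt, d in adj.get(node, [])]
        # Or consume the next service if an instance is attached here.
        if done < len(chain) and node in instances.get(chain[done], {}):
            moves.append(((node, done + 1), instances[chain[done]][node]))
        for nstate, d in moves:
            if cost + d < best.get(nstate, float("inf")):
                best[nstate] = cost + d
                prev[nstate] = state
                heapq.heappush(heap, (cost + d, nstate))
    raise ValueError("no path traverses the full service chain")

if __name__ == "__main__":
    print(min_delay_chain_path(LINKS, INSTANCES, "s1", "gw", ["firewall", "ids"]))
```

Re-running the search after a service is added to or removed from `INSTANCES` gives the new per-tenant path; a tenant with an unsatisfiable chain gets an error rather than an unfiltered route.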