Analysis of policy-based security management system in software-defined networks

Sood, Keshav; Karmakar, Kallol Krishna; Varadharajan, Vijay; Tupakula, Uday; Yu, Shui

doi:10.1109/LCOMM.2019.2898864

Author(s)

Sood, Keshav

Karmakar, Kallol Krishna

Varadharajan, Vijay

Tupakula, Uday

Yu, Shui

Publication Date

2019-04

Abstract

<p>In software-defined networks, policy-based security management or architecture (PbSA) is an ideal way to dynamically control the network. We observe that on the one hand, this enables security capabilities intelligently and enhance fine-grained control over end user behavior. But, on the other hand, dynamic variations in network, rapid increases in security attacks, geographical distribution of nodes, complex heterogeneous networks, and so on have serious effects on the performance of PbSAs. These affect the flow specific quality of service requirements with further degradation of the performance of the security context. Hence, in this letter, PbSA's performance is evaluated. The key factors including a number of rules, rule-table size, position of rules, flow arrival rate, and CPU utilization are examined, and found to have considerable impact on the performance of PbSAs.</p>

Citation

IEEE Communications Letters, 23(4), p. 612-615

ISSN

1558-2558

1089-7798

Link

https://hdl.handle.net/1959.11/56792

Language

en

Publisher

Institute of Electrical and Electronics Engineers

Title

Analysis of policy-based security management system in software-defined networks

Type of document

Journal Article

Entity Type

Publication

Author(s)	Sood, Keshav Karmakar, Kallol Krishna Varadharajan, Vijay Tupakula, Uday Yu, Shui
Publication Date	2019-04
Abstract	<p>In software-defined networks, policy-based security management or architecture (PbSA) is an ideal way to dynamically control the network. We observe that on the one hand, this enables security capabilities intelligently and enhance fine-grained control over end user behavior. But, on the other hand, dynamic variations in network, rapid increases in security attacks, geographical distribution of nodes, complex heterogeneous networks, and so on have serious effects on the performance of PbSAs. These affect the flow specific quality of service requirements with further degradation of the performance of the security context. Hence, in this letter, PbSA's performance is evaluated. The key factors including a number of rules, rule-table size, position of rules, flow arrival rate, and CPU utilization are examined, and found to have considerable impact on the performance of PbSAs.</p>
Citation	IEEE Communications Letters, 23(4), p. 612-615
ISSN	1558-2558 1089-7798
Link	https://hdl.handle.net/1959.11/56792
Language	en
Publisher	Institute of Electrical and Electronics Engineers
Title	Analysis of policy-based security management system in software-defined networks
Type of document	Journal Article
Entity Type	Publication

Analysis of policy-based security management system in software-defined networks

Files: