A Policy-based Interaction Protocol between Software Defined Security Controller and Virtual Security Functions

Abstract

Cloud, Software-Defined Networking (SDN), and Network Function Virtualization (NFV) technologies have introduced a new era of cybersecurity threats and challenges. To protect cloud infrastructure, in our earlier work, we proposed Software Defined Security Service (SDS <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sub> ) to tackle security challenges centered around a new policy-based interaction model. The security architecture consists of three main components: a Security Controller, Virtual Security Functions (VSF), and a Sec-Manage Protocol. However, the security architecture requires an agile and specific protocol to transfer interaction parameters and security messages between its components where OpenFlow considers mainly as network routing protocol. So, The Sec-Manage protocol has been designed specifically for obtaining policy-based interaction parameters among cloud entities between the security controller and its VSFs. This paper focuses on the design and the implementation of the Sec-Manage protocol and demonstrates its use in setting, monitoring, and conveying relevant policy-based interaction security parameters.