Automatic Data Model Mapper for Security Policy Translation in Interface to Network Security Functions Framework

Abstract

The Interface to Network Security Functions (I2NSF) Working Group in Internet Engineering Task Force (IETF) provides data models of interfaces to easily configure Network Security Functions (NSF). The Working Group presents a high-level data model and a low-level data model for configuring the NSFs. The high-level data model is used for the users to manipulate the NSFs configuration easily without any security expertise. But the NSFs cannot be configured using the high-level data model as it needs a low-level data model to properly deploy their security operation. For that reason, the I2NSF Framework needs a security policy translator to translate the high-level data model into the corresponding low-level data model. This paper improves the previously proposed Security Policy Translator by adding an Automatic Data Model Mapper. The proposed mapper focuses on the mapping between the elements in the high-level data model and the elements in low-level data model to automate the translation without the need for a security administrator to create a mapping table.