Abstract
IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.
Highlights
As the Internet of Things (IoT) is being extensively adopted in our society, the security issues associated are increasing
They are not included here for the sake of space, additional semantic rules are defined to check whether the security level calculated for the Medium-level Security Policy Language (MSPL) security parameters is higher than the one that can be implemented by the selected Virtual Network Functions (VNF)
This paper has presented a semantic-aware and policy-based security orchestration framework for Software-Defined Networking (SDN)/Network Function Virtualization (NFV)-aware IoT systems
Summary
As the Internet of Things (IoT) is being extensively adopted in our society, the security issues associated are increasing . Cloud computing techniques to provide elastic capabilities needed to achieve a fast reaction and recovery from cyberattacks In this sense, lightweight Virtual network Security Functions (VSF) such as vFirewalls [3], vAAA [4], vIDS or vIoT-Honeynet [5] can be dynamically allocated and orchestrated in the IoT domain, while the SDN approach can help to dynamically (re)configure the network by software, splitting the control and data planes. The Orchestrator performs a context-based rule reasoning, i.e., a formal validation of the syntactic and semantic facts in the KB, looking for conflicts between the already enforced security policies, the newly added ones and the contextual IoT network and system situation This process allows verifying that the new policies are enforceable considering the current system and networks status, the expected versus available security levels, time and other system conditions, as well as available security enablers, i.e., available VSF.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.