Abstract

With the rapid development of cloud computing, network attack methods are becoming more advanced and attacks are getting faster. Traditional security protection solutions can no longer adapt to new network attacks, which poses significant challenges for security protection in virtualized network environments such as cloud computing. To address these problems, this paper proposes a dynamic calling mechanism for security functions in software-defined security, based on software-defined network technology. The mechanism defines strategies for dynamically scheduling virtual security service nodes in the virtualized network environment. The strategies describe the network's data flows and virtual security devices by extending the attribute-based access control policy model. The mechanism can dynamically construct the mapping between network flows and virtual security devices according to users' security requirements, thus forming a personalized security service chain for specific network flows. It can protect the "north-south" network flow at the IoT edge agent according to users' security business requirements.
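The sketch below is an added illustration of the flow-to-device mapping the abstract describes; it is not code from the paper. The attribute names, device inventory, most-specific-policy rule and lowest-load device selection are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample schema: the paper's actual policy model is not shown here.
@dataclass
class Device:
    name: str
    attrs: dict            # e.g. {"function": "firewall", "zone": "edge", "load": 0.2}

@dataclass
class Policy:
    flow_match: dict       # flow attributes that must all be equal for the policy to apply
    functions: tuple       # ordered security functions the flow must traverse
    device_match: dict     # attributes every selected device must carry

def matches(attrs, required):
    """True when every required attribute is present with the required value."""
    return all(attrs.get(k) == v for k, v in required.items())

def build_chain(flow, policies, devices):
    """Map one flow to an ordered service chain of device names.

    Returns None when no policy covers the flow (caller decides the default),
    and raises LookupError when a required function has no eligible device,
    so a flow is never forwarded through an incomplete chain.
    """
    applicable = [p for p in policies if matches(flow, p.flow_match)]
    if not applicable:
        return None
    # Assumption: the policy constraining the most flow attributes wins.
    policy = max(applicable, key=lambda p: len(p.flow_match))
    chain = []
    for fn in policy.functions:
        pool = [d for d in devices
                if d.attrs.get("function") == fn and matches(d.attrs, policy.device_match)]
        if not pool:
            raise LookupError(f"no device provides {fn!r} under {policy.device_match}")
        # Assumption: pick the least-loaded eligible virtual device.
        chain.append(min(pool, key=lambda d: d.attrs.get("load", 0.0)).name)
    return chain

# Constructed inventory and policies for the example.
DEVICES = [
    Device("fw-1", {"function": "firewall", "zone": "edge", "load": 0.7}),
    Device("fw-2", {"function": "firewall", "zone": "edge", "load": 0.2}),
    Device("ids-1", {"function": "ids", "zone": "edge", "load": 0.4}),
    Device("waf-1", {"function": "waf", "zone": "core", "load": 0.1}),
]
POLICIES = [
    Policy({"direction": "north-south"}, ("firewall",), {"zone": "edge"}),
    Policy({"direction": "north-south", "tenant": "iot-a"}, ("firewall", "ids"), {"zone": "edge"}),
]
```
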
