
SDN-based Dynamic Policy Specification and Enforcement for Provisioning SECaaS in Cloud

  • Conference paper
  • Web Information Systems Engineering – WISE 2017 (WISE 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10570)

Abstract

In this paper we make use of SDN for the provisioning of Security as a Service (SECaaS) to tenants and to simplify security management in the cloud. We have developed a Security Application (SA) for the SDN Controller that captures the tenants' security requirements and enforces the related security policies to secure their virtual machines (VMs). We have developed a security policy specification language for enforcing TPM, access control and intrusion detection related security policies with the SA. Finally, we present the prototype implementation of our approach and some performance results.



Author information

Corresponding author: Uday Tupakula.


Copyright information

© 2017 Springer International Publishing AG


Cite this paper

Tupakula, U., Varadharajan, V., Karmakar, K. (2017). SDN-based Dynamic Policy Specification and Enforcement for Provisioning SECaaS in Cloud. In: Bouguettaya, A., et al. (eds.) Web Information Systems Engineering – WISE 2017. WISE 2017. Lecture Notes in Computer Science, vol. 10570. Springer, Cham. https://doi.org/10.1007/978-3-319-68786-5_44

  • DOI: https://doi.org/10.1007/978-3-319-68786-5_44


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68785-8

  • Online ISBN: 978-3-319-68786-5

  • eBook Packages: Computer Science (R0)