SUPC: SDN enabled Universal Policy Checking in Cloud Network

Title: SUPC: SDN enabled Universal Policy Checking in Cloud Network
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Chowdhary, Ankur; Alshamrani, Adel; Huang, Dijiang
Conference Name: 2019 International Conference on Computing, Networking and Communications (ICNC)
Date Published: Feb
Keywords: cloud computing, composability, computer network security, conflict checking mechanism, Dynamic Networks and Security, dynamic SFC composition, Firewalls (computing), Metrics, Middleboxes, monitoring service functions, multitenant cloud networks, network function virtualization, Network Function Virtualization (NFV), NFV, policy conflicts, Protocols, pubcrawl, Resiliency, SDN enabled universal policy checking, security breaches, Security Policies Analysis, Security Policy Conflicts, service function chain, Service Function Chaining (SFC), SF rule ordering overlaps, SF rules, Software Defined Network, Software Defined Network (SDN), software defined networking, SUPC, Virtual private networks, virtualisation

Multi-tenant cloud networks deploy various security and monitoring service functions (SFs) that together form a service function chain (SFC) between two endpoints. Overlaps in SF rule ordering and conflicts between SF policies can cause increased latency, service disruption and security breaches in such networks. Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network. We propose an SDN enabled Universal Policy Checking (SUPC) framework that provides 1) flow composition and ordering, which translates the rules of the various SFs into the OpenFlow format, eliminates redundant rules and ensures policy compliance across the SFC; and 2) flow conflict analysis, which identifies conflicts in header space and in actions between the rules of different SFs. Our results show a significant reduction in the number of SF rules after composition. Additionally, our conflict checking mechanism identified several rule conflicts that pose security, efficiency and service availability issues in the cloud network.
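The abstract describes two checks over OpenFlow-format rules: removing rules made redundant by higher-priority rules, and flagging pairs whose header spaces overlap while their actions disagree. The following is an added illustration of that kind of pairwise analysis, not code from the paper or the SUPC framework: the `Rule` layout, the match fields (src/dst CIDR, IP protocol, destination port), the conflict categories (redundant, shadowed, correlated, ambiguous) and the sample firewall/IDS/monitor rules are all assumptions chosen for the example. Header-space overlap is computed field by field, with `None` standing for an OpenFlow wildcard.

```python
"""Added example (not the paper's code): pairwise header-space overlap,
redundancy and conflict checking over OpenFlow-style rules from several
service functions. Field set, rule format and sample rules are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One OpenFlow-style flow entry. None in a match field means wildcard."""
    name: str
    priority: int
    action: str                      # e.g. "forward", "drop", "mirror"
    src: Optional[str] = None        # CIDR (IPv4 in this example)
    dst: Optional[str] = None
    proto: Optional[int] = None      # IP protocol number
    dport: Optional[int] = None      # L4 destination port


# (field name, is the field a CIDR prefix?)
FIELDS = (("src", True), ("dst", True), ("proto", False), ("dport", False))


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


def _field_overlap(a, b, is_net: bool) -> bool:
    """True if some packet value satisfies both field constraints."""
    if a is None or b is None:
        return True
    return _net(a).overlaps(_net(b)) if is_net else a == b


def _field_covers(a, b, is_net: bool) -> bool:
    """True if every value accepted by constraint b is also accepted by a."""
    if a is None:
        return True
    if b is None:
        return False
    return _net(b).subnet_of(_net(a)) if is_net else a == b


def overlaps(r1: Rule, r2: Rule) -> bool:
    """Header spaces intersect: at least one packet matches both rules."""
    return all(_field_overlap(getattr(r1, f), getattr(r2, f), n) for f, n in FIELDS)


def covers(r1: Rule, r2: Rule) -> bool:
    """Header space of r2 is a subset of r1's."""
    return all(_field_covers(getattr(r1, f), getattr(r2, f), n) for f, n in FIELDS)


def check_chain(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Classify every overlapping pair (kind, higher-priority rule, lower one).

    redundant  : lower rule fully covered by a higher one with the same action
    shadowed   : lower rule fully covered by a higher one with a different action
    correlated : partial overlap with different actions (order decides the outcome)
    ambiguous  : overlap at equal priority, which OpenFlow leaves undefined
    """
    ordered = sorted(rules, key=lambda r: r.priority, reverse=True)  # stable sort
    findings = []
    for i, hi in enumerate(ordered):
        for lo in ordered[i + 1:]:
            if not overlaps(hi, lo):
                continue
            if hi.priority == lo.priority:
                kind = "ambiguous"
            elif covers(hi, lo):
                kind = "redundant" if hi.action == lo.action else "shadowed"
            elif hi.action != lo.action:
                kind = "correlated"
            else:
                continue  # partial overlap, same action: harmless
            findings.append((kind, hi.name, lo.name))
    return findings


def compose(rules: List[Rule]) -> List[Rule]:
    """Drop rules reported redundant; every other finding is left for an operator."""
    redundant = {lo for kind, _, lo in check_chain(rules) if kind == "redundant"}
    return [r for r in rules if r.name not in redundant]


# Constructed sample chain: firewall, IDS and a monitoring SF (not real data).
SAMPLE_RULES = [
    Rule("fw_allow_web", 200, "forward", dst="10.0.1.0/24", proto=6, dport=80),
    Rule("fw_allow_web_host", 150, "forward", dst="10.0.1.10/32", proto=6, dport=80),
    Rule("ids_block_host", 100, "drop", dst="10.0.1.10/32", proto=6, dport=80),
    Rule("mon_mirror_branch", 100, "mirror", src="10.0.2.0/24"),
]

if __name__ == "__main__":
    for finding in check_chain(SAMPLE_RULES):
        print(finding)
    print([r.name for r in compose(SAMPLE_RULES)])
```

Only the `redundant` class is removed automatically; a `shadowed` rule (the IDS drop that the firewall's forward rule makes unreachable) is exactly the sort of security-relevant conflict the abstract refers to, and silently deleting it would hide the problem rather than report it.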

Citation Key: chowdhary_supc_2019