SDN Based Security Services

doi:10.19729/j.cnki.1673-5188.2018.04.003

ZTE Communications ›› 2018, Vol. 16 ›› Issue (4): 9-14.DOI: 10.19729/j.cnki.1673-5188.2018.04.003

• Special Topic • Previous Articles Next Articles

SDN Based Security Services

ZHANG Yunyong, XU Lei, TAO Ye

China Unicom, Beijing 100032, China

Received:2018-07-01 Online:2018-07-01 Published:2018-10-25
About author:ZHANG Yunyong (zhangyy@chiaunicom.cn) serves as President of China Unicom Research Institute, Vice President of the Ministry of Industry and Information Technology SDN Industry Alliance, China, Vice President of the Technical Committee for New Prominent Forum in China Institute of Telecommunications. He is also a professor-level senior engineer, outstanding member of China Computer Federation, member of the 13th National Committee of CPPCC, national candidate for the Project of Millions of Talents. He was awarded the State Department Special Allowance and the title of “China’s Middle-aged and Young Experts with Outstanding Contributions”. He has achieved 64 authorized patents and 37 software copyrights.|XU Lei (xulei56@chinaunicom.cn) is a manager of cloud computing with China Unicom Research Institute. His research interests include cloud computing, SDN/NFV, and information security. He has achieved 20 authorized patents and 20 software copyrights. He is an editor of very first worldwide ITU cloud computing standards.|TAO Ye (taoy10@chinaunicom.cn) is the director of the Cloud Security Research Group of China Unicom Research Institute. His research interests include information security, network security, SDN/NFV security, and anti-telecom fraud. He has achieved 10 authorized patents and 10 software copyrights. He is the chief-editor of 2 published ITU standards.

Abstract

Abstract:

With the development and revolution of network in recent years, the scale and complexity of network have become big issues. Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers (IDC), such as high cost and lack of flexibility. With the implementation of software defined networking (SDN), network security solution could be more flexible and efficient, such as SDN based firewall service and SDN based DDoS-attack mitigation service. Moreover, combined with cloud computing and SDN technology, network security services could be lighter-weighted, more flexible, and on-demanded. This paper analyzes some typical SDN based network security services, and provide a research on SDN based cloud security service (network security service pool) and its implementation in IDCs.

Key words: SDN, network security, cloud security service

ZHANG Yunyong, XU Lei, TAO Ye. SDN Based Security Services[J]. ZTE Communications, 2018, 16(4): 9-14.

Figures/Tables 9

Figure 1. Centralized firewall service in intra-domain.

Figure 2. An example scenario of centralized firewall service.

Figure 3. Centralized honeypot service in intra-domain.

Figure 4. An example scenario for centralized honeypot service.

Figure 5. Centralized DDoS-attack mitigation service in inter-domain.

Figure 6. An example scenario for centralized DDoS-attack mitigation for stateless servers.

Figure 7. An example scenario for centralized DDoS-attack mitigation for stateful servers.

Figure 8. SDN based cloud security service.

Figure 9. Process of SDN based cloud security service.

References 11

[1]	J. Carapinha, P. Feil, P. Weissmann, et al., “Network virtualization-opportunities and challenges for operators,” in Future Internet - FIS 2010, J. Carapinha, P. Feil, P. Weissmann, et al. eds. Berlin/Heidelberg, Germany: Springer Berlin Heidelberg, 2010, pp. 138-147.
[2]	D. A. Joseph, A. Tavakoli,I. Stoica, “A policy-aware switching layer for data centers,” in Proc. ACM SIGCOMM 2008 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Seattle, USA. 2008, pp. 51-62. doi:10.1145/1402958.1402966.
[3]	Security Requirements and Reference Architecture for Software-Defined Networking, ITU-T X.1038, Oct. 2016.
[4]	Service Function Chaining (SFC) Architecture, IETF RFC 7665, Oct. 2015.
[5]	Z. Y. Hu, M. W. Wang, X. Q. Yan, et al., “A comprehensive security architecture for SDN,” in IEEE 18th International Conference on Intelligence in Next Generation Networks, Paris, France, 2015, pp. 30-37. doi:10.1109/ICIN.2015.7073803.
[6]	Security Services Using the Software-Defined Networking, ITU-T X.1042, Sept. 2018.
[7]	R. Bifulco G. Karame G, “Towards a richer set of services in software-defined networks,” in 2014 Workshop on Security of Emerging Networking Technologies, San Diego, USA, 2014. doi:10.14722/sent.2014.23006.
[8]	Functional Requirements of Software-Defined Networking, ITU-T Y.3301, Sept. 2016.
[9]	Security Framework for Cloud Computing, ITU-T X.1601, Oct. 2015.
[10]	Security Requirements for Software as a Service Application Environments, ITU-T X.1602, Mar. 2016.
[11]	Functional Architecture of Software-Defined Networking, ITU-T Y.3302, Jan. 2017.

[1]	JIA Min, SHU Yuejie, GUO Qing, GAO Zihe, XIE Suofei. DDoS Attack Detection Method for Space-Based Network Based on SDN Architecture [J]. ZTE Communications, 2020, 18(4): 18-25.
[2]	WU Hequan. Ten Reflections on 5G [J]. ZTE Communications, 2020, 18(1): 1-4.
[3]	CHEN Yan, WEN Xitao, LENG Xue, YANG Bo, Li Erran Li, ZHENG Peng, HU Chengchen. Optimization Framework for Minimizing Rule Update Latency in SDN Switches [J]. ZTE Communications, 2018, 16(4): 15-29.
[4]	BAI Jiasong, ZHANG Menghao, BI Jun. Survey of Attacks and Countermeasures for SDN [J]. ZTE Communications, 2018, 16(4): 3-8.
[5]	XU Xiaoqiong, YU Hongfang, YANG Kun. DDoS Attack in Software Defined Networks: A Survey [J]. ZTE Communications, 2017, 15(3): 13-19.
[6]	LIAO Lingxia, Victor C. M. Leung, LAI Chin-Feng. Evolutionary Algorithms in Software Defined Networks: Techniques, Applications, and Issues [J]. ZTE Communications, 2017, 15(3): 20-36.
[7]	WANG Yangyang, BI Jun. Survey of Mechanisms for Inter-Domain SDN [J]. ZTE Communications, 2017, 15(3): 8-12.
[8]	DONG Baihong, WU Weigang, YANG Zhiwei, LI Junjie. Software Defined Networking Based On-Demand Routing Protocol in Vehicle Ad-Hoc Networks [J]. ZTE Communications, 2017, 15(2): 11-18.
[9]	Zhi Liu, Xiang Wang, and Jun Li. From CIA to PDR:A Top-Down Survey of SDN Security for Cloud DCN [J]. ZTE Communications, 2016, 14(1): 54-60.
[10]	Feng Ye, Yi Qian. Secure Communication Networks in the Advanced Metering Infrastructure of Smart Grid [J]. ZTE Communications, 2015, 13(3): 13-20.
[11]	M. Boucadair and C. Jacquenet. Service Parameter Exposure and Dynamic Service Negotiation in SDN Environments [J]. ZTE Communications, 2014, 12(2): 8-17.
[12]	Xiongyan Tang, Pei Zhang, and Chang Cao. SDN-Based Broadband Network for Cloud Services [J]. ZTE Communications, 2014, 12(2): 18-22.
[13]	Jiandong Li, Peng Liu, and Hongyan Li. Software-Defined Cellular Mobile Network Solutions [J]. ZTE Communications, 2014, 12(2): 28-33.
[14]	Lianming Zhang, Jia Liu, and Kun Yang. VirtualizedWireless SDNs: Modelling Delay Through the Use of Stochastic Network Calculus [J]. ZTE Communications, 2014, 12(2): 50-56.
[15]	Bhumip Khasnabish, Jie Hu, and Ghazanfar Ali. Virtualizing Network and Service Functions: Impact on ICT Transformation and Standardization [J]. ZTE Communications, 2013, 11(4): 40-46.

SDN Based Security Services

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 11

Related Articles 15

Recommended Articles

Metrics