|
|
Semantic-aware security orchestration in SDN/NFV-enabled IoT systems |
|---|---|
| Author: | Zarca, Alejandro Molina1; Bagaa, Miloud2; Bernabe, Jorge Bernal1; |
| Organizations: |
1Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain 2Communications and Networking Department, School of Electrical Engineering, Aalto University, 02150 Espoo, Finland 3Centre forWireless Communications (CWC), University of Oulu, 90570 Oulu, Finland
4Department of Computer and Information Security, Sejong University, Seoul 05006, Korea
|
| Format: | article |
| Version: | published version |
| Access: | open |
| Online Access: | PDF Full Text (PDF, 0.8 MB) |
| Persistent link: | http://urn.fi/urn:nbn:fi-fe2020092475666 |
| Language: | English |
| Published: |
Multidisciplinary Digital Publishing Institute,
2020
|
| Publish Date: | 2020-09-24 |
| Description: |
AbstractIoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs. see all
|
| Series: |
Sensors |
| ISSN: | 1424-8220 |
| ISSN-E: | 1424-8220 |
| ISSN-L: | 1424-8220 |
| Volume: | 20 |
| Issue: | 13 |
| Article number: | 3622 |
| DOI: | 10.3390/s20133622 |
| OADOI: | https://oadoi.org/10.3390/s20133622 |
| Type of Publication: |
A1 Journal article – refereed |
| Field of Science: |
213 Electronic, automation and communications engineering, electronics |
| Subjects: | |
| Funding: |
This work was partially supported by the European research projects H2020 ANASTACIA GA 731558, H2020 INSPIRE-5Gplus GA 871808 and H2020 CyberSec4Europe project (GA 830929). It has been also partially funded by AXA Postdoctoral Scholarship awarded by the AXA Research Fund (Cyber-SecIoT project), and in part by the Spanish Government through the FPI Programme (ref. PRE2018-083731), FEDER funds in PERSEIDES project (TIN2017-86885-R). This work was partially supported by the Academy of Finland 6Genesis project under Grant No. 318927, and by the Academy of Finland CSN project under Grant No. 311654. |
| EU Grant Number: |
(871808) INSPIRE-5Gplus - INtelligent Security and PervasIve tRust for 5G and Beyond |
| Academy of Finland Grant Number: |
318927 |
| Detailed Information: |
318927 (Academy of Finland Funding decision) |
| Copyright information: |
© The Authors 2020. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
|
https://creativecommons.org/licenses/by/4.0/ |