Semantic-aware security orchestration in SDN/NFV-enabled IoT systems

Author: Zarca, Alejandro Molina1; Bagaa, Miloud2; Bernabe, Jorge Bernal1;
Organizations: 1Department of Information and Communications Engineering, University of Murcia, 30100 Murcia, Spain
2Communications and Networking Department, School of Electrical Engineering, Aalto University, 02150 Espoo, Finland
3Centre for Wireless Communications (CWC), University of Oulu, 90570 Oulu, Finland
4Department of Computer and Information Security, Sejong University, Seoul 05006, Korea
Language: English
Published: Multidisciplinary Digital Publishing Institute, 2020
Publish Date: 2020-09-24


IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by dynamically orchestrating and enforcing security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resource usage during VSF allocation. The orchestration security framework has been implemented and validated, showing its feasibility and its performance in detecting conflicts and optimally enforcing the VSFs.

Series: Sensors
ISSN: 1424-8220
ISSN-E: 1424-8220
ISSN-L: 1424-8220
Volume: 20
Issue: 13
Article number: 3622
DOI: 10.3390/s20133622
Type of Publication: A1 Journal article – refereed
Field of Science: 213 Electronic, automation and communications engineering, electronics
Funding: This work was partially supported by the European research projects H2020 ANASTACIA GA 731558, H2020 INSPIRE-5Gplus GA 871808 and H2020 CyberSec4Europe project (GA 830929). It has also been partially funded by the AXA Postdoctoral Scholarship awarded by the AXA Research Fund (Cyber-SecIoT project), and in part by the Spanish Government through the FPI Programme (ref. PRE2018-083731), FEDER funds in PERSEIDES project (TIN2017-86885-R). This work was partially supported by the Academy of Finland 6Genesis project under Grant No. 318927, and by the Academy of Finland CSN project under Grant No. 311654.
Academy of Finland Grant Number: 318927
Detailed Information: 318927 (Academy of Finland Funding decision)
Copyright information: © The Authors 2020. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.