Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks

Cited by: 16
Authors
Bringhenti, Daniele [1]
Yusupov, Jalolliddin [2]
Zarca, Alejandro Molina [3]
Valenza, Fulvio [1]
Sisto, Riccardo [1]
Bernabe, Jorge Bernal [3]
Skarmeta, Antonio [3]
Affiliations
[1] Politecn Torino, Dipartimento Automat & Informat, Turin, Italy
[2] Turin Polytech Univ, Dept Automat Control & Comp Engn, Tashkent, Uzbekistan
[3] Univ Murcia, Dept Commun & Informat Engn, Murcia, Spain
Keywords
Security; IoT; SDN; INTERNET;
DOI
10.1016/j.comnet.2022.109123
CLC number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
The pervasiveness of Internet of Things (IoT) has made the management of computer networks more troublesome. The softwarized control provided by Software-Defined Networking (SDN) is not sufficient to overcome the problems arising in this context. An increasing number of attacks can, in fact, occur in SDN-aware IoT networks if the security configuration enforced on the SDN switches is manually computed and not formally verified. To mitigate this problem, this paper proposes a novel methodology which leverages Maximum Satisfiability Modulo Theories (MaxSMT) to automatically compute a formally correct and optimized allocation scheme and configuration of SDN switches by refining security policies, user-defined or derived from detected attacks. This mechanism is compliant with the main characteristics of virtualized IoT-based networks, such as the simultaneous presence of numerous interconnected devices and strict latency requirements. The feasibility and the performance of the framework developed to implement this methodology have been validated in a realistic use case.
Pages: 12
Related papers
42 in total
  • [1] Security Orchestration and Enforcement in NFV/SDN-Aware UAV Deployments
    Hermosilla, Ana
    Molina Zarca, Alejandro
    Bernal Bernabe, Jorge
    Ortiz, Jordi
    Skarmeta, Antonio
    IEEE ACCESS, 2020, 8 : 131779 - 131795
  • [2] Security Management Architecture for NFV/SDN-Aware IoT Systems
    Molina Zarca, Alejandro
    Bernal Bernabe, Jorge
    Trapero, Ruben
    Rivera, Diego
    Villalobos, Jesus
    Skarmeta, Antonio
    Bianchi, Stefano
    Zafeiropoulos, Anastasios
    Gouvas, Panagiotis
    IEEE INTERNET OF THINGS JOURNAL, 2019, 6 (05) : 8005 - 8020
  • [3] Policy-based Bigdata Security and QoS Framework for SDN/IoT: An Analytic Approach
    Pokhrel, Shiva Raj
    Sood, Keshav
    Yu, Shui
    Nosouhi, Mohammad Reza
    IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (IEEE INFOCOM 2019 WKSHPS), 2019, : 73 - 78
  • [4] CyberShip-IoT: A dynamic and adaptive SDN-based security policy enforcement framework for ships
    Sahay, Rishikesh
    Meng, Weizhi
    Estay, D. A. Sepulveda
    Jensen, Christian D.
    Barfod, Michael Bruhn
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2019, 100 : 736 - 750
  • [5] IoT-NETSEc: Policy-based IoT Network Security using OpenFlow
    Nobakht, Mehdi
    Russell, Craig
    Hu, Wen
    Seneviratne, Aruna
    2019 IEEE INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING AND COMMUNICATIONS WORKSHOPS (PERCOM WORKSHOPS), 2019, : 955 - 960
  • [6] Explainable Security in SDN-Based IoT Networks
    Sarica, Alper Kaan
    Angin, Pelin
    SENSORS, 2020, 20 (24) : 1 - 30
  • [7] Policy-based context-aware overlay networks
    Al-Oqily, I.
    Karmouch, A.
    2007 FIRST INTERNATIONAL GLOBAL INFORMATION INFRASTRUCTURE SYMPOSIUM, 2007, : 85 - 92
  • [8] Policy-Based Enforcement of Database Security Configuration through Autonomic Capabilities
    Jabbour, Ghassan 'Gus'
    Menasce, Daniel A.
    FOURTH INTERNATIONAL CONFERENCE ON AUTONOMIC AND AUTONOMOUS SYSTEMS (ICAS 2008), 2008, : 188 - +
  • [9] Policy-Based Security Modelling and Enforcement Approach for Emerging Embedded Architectures
    Hagan, Matthew
    Siddiqui, Fahad
    Sezer, Sakir
    2018 31ST IEEE INTERNATIONAL SYSTEM-ON-CHIP CONFERENCE (SOCC), 2018, : 84 - 89
  • [10] An IoT Framework Based on SDN and NFV for Context-Aware Security
    Ong, Arlyn Verina
    Peradilla, Marnel
    12TH INTERNATIONAL CONFERENCE ON UBIQUITOUS AND FUTURE NETWORKS (ICUFN 2021), 2021, : 167 - 172