%0 Conference Proceedings
%T Firewall Policies Provisioning Through SDN in the Cloud
%+ IMT Atlantique (IMT Atlantique)
%+ Institut de Recherche Technologique b-com (IRT b-com)
%+ Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC)
%+ Lab-STICC_UBO_CID_SFIIS
%+ Domaine Network (IRT b<>com) (Network)
%A Cuppens, Nora
%A Zerkane, Salaheddine
%A Li, Yanhuang
%A Espes, David
%A Le Parc, Philippe
%A Cuppens, Frédéric
%Z Part 3: Cloud Security
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC)
%C Philadelphia, PA, United States
%Y Giovanni Livraga
%Y Sencun Zhu
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXI
%V LNCS-10359
%P 293-310
%8 2017-07-19
%D 2017
%R 10.1007/978-3-319-61176-1_16
%K Security policies
%K Software Defined Networking
%K Cloud computing
%K Orchestration
%K Firewall
%K OpenFlow
%K Service providers
%K ABAC
%Z Computer Science [cs]Conference papers
%X The evolution of the digital world drives cloud computing to be a key infrastructure for data and services. This breakthrough is transforming Software Defined Networking into the cloud infrastructure backbone because of its advantages such as programmability, abstraction and flexibility. As a result, many cloud providers select SDN as a cloud network service and offer it to their customers. However, due to the rising number of network cloud providers and their security offers, network cloud customers strive to find the best provider candidate who satisfies their security requirements. In this context, we propose a negotiation and an enforcement framework for SDN firewall policies provisioning. Our solution enables customers and SDN providers to express their firewall policies and to negotiate them via an orchestrator. Then, it reinforces these security requirements using the holistic view of the SDN controllers and it deploys the generated firewall rules into the network elements. We evaluate the performance of the solution and demonstrate its advantages.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01684362/document
%2 https://inria.hal.science/hal-01684362/file/453481_1_En_16_Chapter.pdf
%L hal-01684362
%U https://inria.hal.science/hal-01684362
%~ UNIV-BREST
%~ INSTITUT-TELECOM
%~ CNRS
%~ UNIV-UBS
%~ LAB-STICC_UBO
%~ ENIB
%~ LAB-STICC_ENIB
%~ IFIP-LNCS
%~ IFIP
%~ LAB-STICC
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ BCOM_NETWORK
%~ BCOM_NA
%~ IFIP-LNCS-10359
%~ IBNM
%~ BCOM_NETWORK_SECURITY
%~ BCOM_AC
%~ INSTITUTS-TELECOM