Abstract
This paper introduces the SecaaS framework, a solution that allows security vendors to move their business into the cloud. Tenants of the SecaaS framework can then freely choose between various security products depending on their own business requirements. The OpenFlow protocol is applied in our framework to control the data paths of tenants and forward their data through a chain of subscribed services before it goes out to the Internet. This paper also proposes the OpenFlow Dynamic Packet Control (ODPC) system for optimizing the network stability and performance of our system when a new service is added or an existing service is removed. The ODPC system, which works as an application, calculates the cost of delay for data paths inside our network and sets up the path that guarantees the minimum delay for each tenant. The contribution of this paper includes a solution to the vendor lock-in limitation in others' SecaaS architectures. Moreover, this architecture is also considered a solution for small-scale security vendors to move their products into the cloud. A proof of concept for the SecaaS framework is also presented through demonstration. Furthermore, the ODPC system is considered one of our efforts to improve network performance in our system.
Acknowledgments
This work was supported by the IT R&D program of ACT under the MOTIE/KEIT [10045904, The development of Fundamental Technology for Security as a Service (SecaaS) Framework under cloud computing environment and the implementation of 1Gbps mobile data loss prevention (DLP) service based on the SecaaS Framework].
This research was supported by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1010) supervised by the NIPA (National IT Industry Promotion Agency).
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Chau, NT., Nguyen, MD., Jung, S., Jung, S. (2015). SecaaS Framework and Architecture: A Design of Dynamic Packet Control. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science, vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_15
DOI: https://doi.org/10.1007/978-3-319-15087-1_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15086-4
Online ISBN: 978-3-319-15087-1
eBook Packages: Computer Science, Computer Science (R0)