
SecaaS Framework and Architecture: A Design of Dynamic Packet Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8909)

Abstract

This paper introduces the SecaaS framework, a solution that allows security vendors to move their business into the cloud. Tenants of the SecaaS framework can then freely choose between various security products depending on their own business requirements. The OpenFlow protocol is applied in our framework to control the data paths of tenants and forward their data through a chain of subscribed services before it goes out to the Internet. This paper also proposes the OpenFlow Dynamic Packet Control (ODPC) system for optimizing the network stability and performance of our system when a new service is added or an existing service is removed. The ODPC system, which works as an application, calculates the cost of delay for data paths inside our network and sets up the path that guarantees the minimum delay for each tenant. The contributions of this paper include a solution to the vendor lock-in limitation of other SecaaS architectures. Moreover, this architecture is also considered a solution for small-scale security vendors to move their products into the cloud. A proof of concept for the SecaaS framework is also presented through a demonstration. Furthermore, the ODPC system is one of our efforts to improve the network performance of our system.


Acknowledgments

This work was supported by the IT R&D program of ACT under the MOTIE/KEIT. [10045904, The development of Fundamental Technology for Security as a Service (SecaaS) Framework under cloud computing environment and the implementation of 1Gbps mobile data loss prevention (DLP) service based on the SecaaS Framework.]

This research was supported by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1010) supervised by the NIPA (National IT Industry Promotion Agency).

Corresponding author

Correspondence to Souhwan Jung.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Chau, NT., Nguyen, MD., Jung, S., Jung, S. (2015). SecaaS Framework and Architecture: A Design of Dynamic Packet Control. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science, vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_15

  • DOI: https://doi.org/10.1007/978-3-319-15087-1_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15086-4

  • Online ISBN: 978-3-319-15087-1

  • eBook Packages: Computer Science (R0)
