Policy-Based Network and Security Management in Federated Service Infrastructures with Permissioned Blockchains

  • Conference paper
Security in Computing and Communications (SSCC 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 969)

Abstract

The 5G network architecture will support mobile next-generation points-of-presence (NG-POPs), for instance as part of envisioned telecommunication-provider clouds, that deliver high-bandwidth network access as well as edge computing capacity. Given the large number of federated infrastructure operators, customers (tenants), and end users involved, dynamically provisioning services with network quality-of-service (QoS) and security policy constraints becomes increasingly complex and cannot yet be fully automated. Using the example of mobile NG-POPs for large-scale public events, such as soccer world championship matches, we first discuss the shortcomings and limits of state-of-the-art policy-based network and security management concepts in such future scenarios. We then present a novel approach to improve the scalability and degree of automation of network and security management tasks by storing parts of the requirements for service level agreements (e.g., bandwidth guarantees) and security policies (e.g., regarding firewall settings) in a permissioned blockchain. An example of a smart contract running on the permissioned blockchain demonstrates the feasibility. Besides critically discussing the current limits of our approach, we outline the potential that further research in this area may yield in contexts such as QoS monitoring by neutral third parties, transparent accounting and billing, and network neutrality.

Acknowledgement

This work has been performed in the framework of the CELTIC EUREKA project SENDATE-PLANETS (Project ID C2015/3-1), and it is partly funded by the German BMBF (Project Id 16KIS0549). The authors alone are responsible for the content of the paper.

Author information

Correspondence to Michael Grabatin.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Grabatin, M., Hommel, W., Steinke, M. (2019). Policy-Based Network and Security Management in Federated Service Infrastructures with Permissioned Blockchains. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_11

  • DOI: https://doi.org/10.1007/978-981-13-5826-5_11

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5825-8

  • Online ISBN: 978-981-13-5826-5

  • eBook Packages: Computer Science, Computer Science (R0)
