A First Step Toward Network Security Virtualization: From Concept To Prototype

Cited 40 time in webofscience Cited 48 time in scopus
  • Hit : 899
  • Download : 0
DC FieldValueLanguage
dc.contributor.authorShin, Seungwonko
dc.contributor.authorWang, Haopeiko
dc.contributor.authorGu, Guofeiko
dc.date.accessioned2016-04-15T02:58:14Z-
dc.date.available2016-04-15T02:58:14Z-
dc.date.created2015-10-06-
dc.date.created2015-10-06-
dc.date.issued2015-10-
dc.identifier.citationIEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, v.10, no.10, pp.2236 - 2249-
dc.identifier.issn1556-6013-
dc.identifier.urihttp://hdl.handle.net/10203/203868-
dc.description.abstractNetwork security management is becoming more and more complicated in recent years, considering the need of deploying more and more network security devices/middle-boxes at various locations inside the already complicated networks. A grand challenge in this situation is that current management is inflexible and the security resource utilization is not efficient. The flexible deployment and utilization of proper security devices at reasonable places at needed time with low management cost is extremely difficult. In this paper, we present a new concept of network security virtualization, which virtualizes security resources/functions to network administrators/users, and thus maximally utilizing existing security devices/middle-boxes. In addition, it enables security protection to desirable networks with minimal management cost. To verify this concept, we further design and implement a prototype system, NETSECVISOR, which can utilize existing pre-installed (fixed-location) security devices and leverage software-defined networking technology to virtualize network security functions. At its core, NETSECVISOR contains: 1) a simple script language to register security services and policies; 2) a set of routing algorithms to determine optimal routing paths for different security policies based on different needs; and 3) a set of security response functions/strategies to handle security incidents. We deploy NETSECVISOR in both virtual test networks and a commercial switch environment to evaluate its performance and feasibility. The evaluation results show that our prototype only adds a very small overhead while providing desired network security virtualization to network users/administrators.-
dc.languageEnglish-
dc.publisherIEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC-
dc.titleA First Step Toward Network Security Virtualization: From Concept To Prototype-
dc.typeArticle-
dc.identifier.wosid000360891300017-
dc.identifier.scopusid2-s2.0-84940688354-
dc.type.rimsART-
dc.citation.volume10-
dc.citation.issue10-
dc.citation.beginningpage2236-
dc.citation.endingpage2249-
dc.citation.publicationnameIEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY-
dc.identifier.doi10.1109/TIFS.2015.2453936-
dc.contributor.localauthorShin, Seungwon-
dc.contributor.nonIdAuthorWang, Haopei-
dc.contributor.nonIdAuthorGu, Guofei-
dc.type.journalArticleArticle-
dc.subject.keywordAuthorSecurity-
dc.subject.keywordAuthorsoftware-defined networking-
dc.subject.keywordAuthorvirtualization-
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 40 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0