Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

OrchSec: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions

: Zaalouk, Adel; Khondoker, Rahamatullah; Marx, Ronald; Bayarou, Kpatcha

Postprint urn:nbn:de:0011-n-3072794 (1.6 MByte PDF)
MD5 Fingerprint: 437441966892cfc736e2467742f12f43
© IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Created on: 25.9.2014

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Communications Society; International Federation for Information Processing -IFIP-:
NOMS 2014, IEEE/IFIP Network Operations and Management Symposium : Krakow, Poland, 5 - 9 May 2014
Piscataway, NJ: IEEE, 2014
ISBN: 978-1-4799-0911-7
ISBN: 978-1-4799-0913-1
ISBN: 978-1-4799-0912-4
9 pp.
Network Operations and Management Symposium (NOMS) <14, 2014, Krakow>
Conference Paper, Electronic Publication
Fraunhofer SIT ()
Software Defined Networking (SDN); orchestration; management

The original design of the Internet did not take network security aspects into consideration, instead it aimed to facilitate the process of information exchange between endhosts. Consequently, many protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers. To reduce these vulnerabilities, several security approaches were introduced as a form of add-ons to the existing Internet architecture. However, these approaches have their drawbacks (e.g., lack of centralized control, and automation). In this paper, to address these drawbacks, the features provided by Software Defined Networking (SON) such as network-visibility, centralized management and control are considered for developing security applications. Although the SON architecture provides features that can aid in the process of network security, it has some deficiencies when it comes to using SON for security. To address these deficiencies, several architectural requirements are derived to adapt the SON architecture for security use cases. For this purpose, OrchSec, an Orchestrator-based architecture that utilizes Network Monitoring and SDN Control functions to develop security applications is proposed. The functionality of the proposed architecture is demonstrated, tested, and validated using a security application.