Semantic-aware security orchestration in SDN/NFV-enabled IoT systems

Alejandro Molina Zarca, Miloud Bagaa, Jorge Bernal Bernabe*, Tarik Taleb, Antonio F. Skarmeta

*Corresponding author for this work

Research output: Contribution to journal › Article › Scientific › peer-review

27 Citations (Scopus)
119 Downloads (Pure)

Abstract

IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide remarkable added value for self-protection and self-healing, by dynamically orchestrating and enforcing security policies and the associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios, while ensuring optimal allocation and Service Function Chaining (SFC) of VSFs. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resource usage during VSF allocation. The security orchestration framework has been implemented and validated, showing its feasibility and its performance in detecting conflicts and optimally enforcing the VSFs.

Original language: English
Article number: 3622
Pages (from-to): 1-26
Number of pages: 24
Journal: Sensors (Switzerland)
Volume: 20
Issue number: 13
Publication status: Published - Jul 2020
MoE publication type: A1 Journal article-refereed

Keywords

  • IoT
  • NFV
  • Optimization
  • QoS
  • SDN
  • Security
  • Semantic technologies

Projects

  • INSPIRE-5Gplus: INtelligent Security and PervasIve tRust for 5G and Beyond

    Taleb, T. (Principal investigator), Benzaid, C. (Project Member), Boukhalfa, M. (Project Member), Dang, Y. (Project Member), Farooqi, M. (Project Member) & Hireche, O. (Project Member)

    01/11/2019 → 31/10/2022

    Project: EU: Framework programmes funding

  • CSN: Customized Software Networking across Multiple Administrative Domains

    Taleb, T. (Principal investigator), Addad, R. (Project Member), Afolabi, I. (Project Member), Amor, A. (Project Member), Yu, H. (Project Member), Kianpisheh, S. (Project Member), Mariouak, M. (Project Member), Hellaoui, H. (Project Member), Sehad, N. (Project Member), Boudi, A. (Project Member), El Marai, O. (Project Member), Shokrnezhad, M. (Project Member), Bagaa, M. (Project Member), Maity, I. (Project Member), Naas, S.-A. (Project Member), Bekkouche, O. (Project Member), Benzaid, C. (Project Member), Kerfah, I. (Project Member), Mada, B. (Project Member) & Yang, B. (Project Member)

    01/09/2017 → 31/08/2021

    Project: Academy of Finland: Other research funding

  • ANASTACIA: Advanced Networked Agents for Security and Trust Assessment in CPS/IOT Architectures

    Taleb, T. (Principal investigator), Addad, R. (Project Member), Abada, A. (Project Member), Bouhanana, M. (Project Member), Naas, S.-A. (Project Member), Farris, I. (Project Member), Boudi, A. (Project Member), Hireche, O. (Project Member), Nadir, Z. (Project Member), Khettab, Y. (Project Member), Mada, B. (Project Member), Nait Abbou, A. (Project Member), Bagaa, M. (Project Member) & Boukhalfa, M. (Project Member)

    01/01/2017 → 31/12/2019

    Project: EU: Framework programmes funding
