软件定义安全性中的数据驱动编排框架

2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC) Pub Date : 2016-09-01 DOI:10.1109/ICNIDC.2016.7974531

Weijia Wang, Xiaofeng Qiu, Li Sun, Rui Zhao

{"title":"软件定义安全性中的数据驱动编排框架","authors":"Weijia Wang, Xiaofeng Qiu, Li Sun, Rui Zhao","doi":"10.1109/ICNIDC.2016.7974531","DOIUrl":null,"url":null,"abstract":"Software-Defined Security (SDS), which provides a flexible and centralized security solution by abstracting the security mechanisms from the hardware layer into a software layer, attracts many researchers to study the detail of this conception. One of the key challenges of SDS is how to schedule and orchestrate security appliances according to huge and heterogeneous threat information, especially when they are still lack of standardized interfaces. In this paper, we present a data driven Security Device Orchestration Framework (SDOF) for SDS. In SDOF, we put forward uniform interfaces for security devices so that they could be orchestrated by software and their data could be collected and processed centrally. The complex Structured Threat Information eXpression (STIX) ontology and corresponding tools are tailored for SDOF to standardize and centralize all data in SDS. These two achievements makes real-time dynamic orchestration possible in SDS. We also provide an orchestration scenario to demonstrate how SDOF works and evaluated its performance.","PeriodicalId":439987,"journal":{"name":"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A data driven orchestration framework in software defined security\",\"authors\":\"Weijia Wang, Xiaofeng Qiu, Li Sun, Rui Zhao\",\"doi\":\"10.1109/ICNIDC.2016.7974531\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software-Defined Security (SDS), which provides a flexible and centralized security solution by abstracting the security mechanisms from the hardware layer into a software layer, attracts many researchers to study the detail of this conception. One of the key challenges of SDS is how to schedule and orchestrate security appliances according to huge and heterogeneous threat information, especially when they are still lack of standardized interfaces. In this paper, we present a data driven Security Device Orchestration Framework (SDOF) for SDS. In SDOF, we put forward uniform interfaces for security devices so that they could be orchestrated by software and their data could be collected and processed centrally. The complex Structured Threat Information eXpression (STIX) ontology and corresponding tools are tailored for SDOF to standardize and centralize all data in SDS. These two achievements makes real-time dynamic orchestration possible in SDS. We also provide an orchestration scenario to demonstrate how SDOF works and evaluated its performance.\",\"PeriodicalId\":439987,\"journal\":{\"name\":\"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNIDC.2016.7974531\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNIDC.2016.7974531","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

软件定义安全(SDS)通过将硬件层的安全机制抽象到软件层，提供了一种灵活而集中的安全解决方案，吸引了许多研究者对这一概念的细节进行研究。SDS的主要挑战之一是如何根据庞大且异构的威胁信息来安排和编排安全设备，特别是在它们仍然缺乏标准化接口的情况下。在本文中，我们提出了一个数据驱动的安全设备编排框架(SDOF)。在SDOF中，我们为安全设备提出了统一的接口，使其能够被软件编排，数据能够集中收集和处理。复杂结构化威胁信息表达(STIX)本体和相应工具是为SDOF量身定制的，实现了SDS中所有数据的标准化和集中化。这两项成就使得SDS中的实时动态编排成为可能。我们还提供了一个编排场景来演示SDOF如何工作并评估其性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A data driven orchestration framework in software defined security

Software-Defined Security (SDS), which provides a flexible and centralized security solution by abstracting the security mechanisms from the hardware layer into a software layer, attracts many researchers to study the detail of this conception. One of the key challenges of SDS is how to schedule and orchestrate security appliances according to huge and heterogeneous threat information, especially when they are still lack of standardized interfaces. In this paper, we present a data driven Security Device Orchestration Framework (SDOF) for SDS. In SDOF, we put forward uniform interfaces for security devices so that they could be orchestrated by software and their data could be collected and processed centrally. The complex Structured Threat Information eXpression (STIX) ontology and corresponding tools are tailored for SDOF to standardize and centralize all data in SDS. These two achievements makes real-time dynamic orchestration possible in SDS. We also provide an orchestration scenario to demonstrate how SDOF works and evaluated its performance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE International Conference on Network Infrastructure and Digital Content (IC-NIDC)

自引率

0.00%

发文量