Policy-based network and security management in federated service
infrastructures with permissioned blockchains
M. Grabatin, W. Hommel, and M. Steinke. Sixth International Symposium on Security in Computing and Communications (SSCC’18) (SSCC-2018), Bangalore, India, India (September 2018)
Abstract
The 5G network architecture will support mobile next-generation
points-of-presence (NG-POP) -- for instance as part of aspired
telecommunications providers' clouds -- that deliver high-bandwidth network
access as well as edge computing capacity. Given the large number of
involved federated infrastructure operators, customers (tenants), and end
users, dynamically provisioning services with network quality-of-service
(QoS) and security policy constraints becomes increasingly complex and
cannot yet be fully automated. Using the example of mobile NG-POPs for
large-scale public events, such as soccer world championship matches, we
first discuss the shortcomings and limits of state-of-the-art policy-based
network and security management concepts in such future scenarios. We then
present a novel approach to improve the scalability and degree of
automation of network and security management tasks by storing parts of
requirements for service level agreements (e.g., bandwidth guarantees) and
security policies (e.g., regarding firewall settings) in a permissioned
blockchain. An example of a smart contract running on the permissioned
blockchains demonstrates the feasibility. Besides a critical discussion of
the current limits of our approach, we outline the potential in contexts
such as QoS monitoring by neutral third parties, transparent accounting and
billing, and network neutrality, which more research in this area may
yield.
%0 Conference Paper
%1 Homm1809:Policy
%A Grabatin, Michael
%A Hommel, Wolfgang
%A Steinke, Michael
%B Sixth International Symposium on Security in Computing and Communications(SSCC’18) (SSCC-2018)
%C Bangalore, India, India
%D 2018
%K federated infrastructures management network security sendate sendate-planets service
%T Policy-based network and security management in federated service
infrastructures with permissioned blockchains
%X The 5G network architecture will support mobile next-generation
points-of-presence (NG-POP) -- for instance as part of aspired
telecommunications providers' clouds -- that deliver high-bandwidth network
access as well as edge computing capacity. Given the large number of
involved federated infrastructure operators, customers (tenants), and end
users, dynamically provisioning services with network quality-of-service
(QoS) and security policy constraints becomes increasingly complex and
cannot yet be fully automated. Using the example of mobile NG-POPs for
large-scale public events, such as soccer world championship matches, we
first discuss the shortcomings and limits of state-of-the-art policy-based
network and security management concepts in such future scenarios. We then
present a novel approach to improve the scalability and degree of
automation of network and security management tasks by storing parts of
requirements for service level agreements (e.g., bandwidth guarantees) and
security policies (e.g., regarding firewall settings) in a permissioned
blockchain. An example of a smart contract running on the permissioned
blockchains demonstrates the feasibility. Besides a critical discussion of
the current limits of our approach, we outline the potential in contexts
such as QoS monitoring by neutral third parties, transparent accounting and
billing, and network neutrality, which more research in this area may
yield.
@inproceedings{Homm1809:Policy,
abstract = {The 5G network architecture will support mobile next-generation
points-of-presence (NG-POP) -- for instance as part of aspired
telecommunications providers' clouds -- that deliver high-bandwidth network
access as well as edge computing capacity. Given the large number of
involved federated infrastructure operators, customers (tenants), and end
users, dynamically provisioning services with network quality-of-service
(QoS) and security policy constraints becomes increasingly complex and
cannot yet be fully automated. Using the example of mobile NG-POPs for
large-scale public events, such as soccer world championship matches, we
first discuss the shortcomings and limits of state-of-the-art policy-based
network and security management concepts in such future scenarios. We then
present a novel approach to improve the scalability and degree of
automation of network and security management tasks by storing parts of
requirements for service level agreements (e.g., bandwidth guarantees) and
security policies (e.g., regarding firewall settings) in a permissioned
blockchain. An example of a smart contract running on the permissioned
blockchains demonstrates the feasibility. Besides a critical discussion of
the current limits of our approach, we outline the potential in contexts
such as QoS monitoring by neutral third parties, transparent accounting and
billing, and network neutrality, which more research in this area may
yield.},
added-at = {2018-09-25T16:28:18.000+0200},
address = {Bangalore, India, India},
author = {Grabatin, Michael and Hommel, Wolfgang and Steinke, Michael},
biburl = {https://www.bibsonomy.org/bibtex/2a1c02ebfaf20871e6a0362af3ad2ff96/ms_unibw},
booktitle = {Sixth International Symposium on Security in Computing and Communications(SSCC’18) (SSCC-2018)},
days = {18},
interhash = {25cc07660a9bd82ef7494b87e69e4bca},
intrahash = {a1c02ebfaf20871e6a0362af3ad2ff96},
keywords = {federated infrastructures management network security sendate sendate-planets service},
month = sep,
timestamp = {2019-02-06T17:00:06.000+0100},
title = {Policy-based network and security management in federated service
infrastructures with permissioned blockchains},
year = 2018
}