A Security Platform Using Software Defined Infrastructure

In this work, we designed an architecture for cloud network security, leveraging Software Defined Infrastructure, which enables centralized management of compute and networking resources. We show that utilizing SDIâ s service chaining and its Software Defined Networking approach, network security functions such as intrusion detection and prevention, as well as distributed firewalls can be realized as services in the cloud, as modeled in Network Function Virtualization. In our platform, protective resources are located as close as possible to the entity being protected. Furthermore, the design of the user-friendly interfaces for these services to be used is discussed, where the user traffic flows are associated with Enhanced Security Profiles, together forming Enhanced Security Groups. We also discuss our implemented proof-of-concept on SAVI testbed.M.A.S