Article: A framework for security enhancement in multitenant SDN-based datacentres Journal: International Journal of Security and Networks (IJSN) 2020 Vol.15 No.4 pp.183 - 196 Abstract: Nowadays, there is a rising demand for enterprises to migrate datacentre into public cloud. This transfer has several drivers such as decreasing datacentre operational cost and increasing scalability. Moreover, it motivated cloud providers to construct more multitenant datacentres. On the other hand, cyber attacks against IT infrastructures are becoming sophisticated. In this paper, a framework is proposed to enhance security for software defined network (SDNs)-based multitenant datacentres. A novel mechanism is introduced to only forward suspicious traffic for deep packet inspection (DPI) without affecting any other traffic. Attack graphs are used to specify all possible attack scenarios against datacentre network. Framework proof of concept prototype is implemented using a mixed emulation and simulation environment. A typical multitenant datacentre network topology is used to test and evaluate framework performance. Performance evaluation results show framework feasibility and performance against attacks while not affecting delay sensitive traffic. Inderscience Publishers - linking academia, business and industry through research

Title: A framework for security enhancement in multitenant SDN-based datacentres

Authors: Mostafa Ammar; Ayman A. Abdel-Hamid; Mohamed R.M. Rizk; Magdy A. Ahmed

Addresses: Computer Networks and Datacenter, Arab Academy for Science, Technology and Maritime Transport, Alexandria, Egypt ' Computer Science Department, College of Computing and Information Technology, Arab Academy for Science, Technology and Maritime Transport, Alexandria, Egypt ' Electrical Engineering Department, Faculty of Engineering, Alexandria University, Alexandria, Egypt ' Computer and Systems Engineering Department, Faculty of Engineering, Alexandria University, Alexandria, Egypt

Abstract: Nowadays, there is a rising demand for enterprises to migrate datacentre into public cloud. This transfer has several drivers such as decreasing datacentre operational cost and increasing scalability. Moreover, it motivated cloud providers to construct more multitenant datacentres. On the other hand, cyber attacks against IT infrastructures are becoming sophisticated. In this paper, a framework is proposed to enhance security for software defined network (SDNs)-based multitenant datacentres. A novel mechanism is introduced to only forward suspicious traffic for deep packet inspection (DPI) without affecting any other traffic. Attack graphs are used to specify all possible attack scenarios against datacentre network. Framework proof of concept prototype is implemented using a mixed emulation and simulation environment. A typical multitenant datacentre network topology is used to test and evaluate framework performance. Performance evaluation results show framework feasibility and performance against attacks while not affecting delay sensitive traffic.

Keywords: software defined network; SDN; datacentre; multitenancy; security; attack graph; deep packet inspection; DPI.

DOI: 10.1504/IJSN.2020.111127

International Journal of Security and Networks, 2020 Vol.15 No.4, pp.183 - 196

Received: 18 Jun 2019
Accepted: 04 Aug 2019
Published online: 10 Nov 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: A framework for security enhancement in multitenant SDN-based datacentres

Keep up-to-date