{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T21:40:09Z","timestamp":1750369209928,"version":"3.41.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319611754"},{"type":"electronic","value":"9783319611761"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-61176-1_16","type":"book-chapter","created":{"date-parts":[[2017,6,21]],"date-time":"2017-06-21T01:54:25Z","timestamp":1498010065000},"page":"293-310","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Firewall Policies Provisioning Through SDN in the Cloud"],"prefix":"10.1007","author":[{"given":"Nora","family":"Cuppens","sequence":"first","affiliation":[]},{"given":"Salaheddine","family":"Zerkane","sequence":"additional","affiliation":[]},{"given":"Yanhuang","family":"Li","sequence":"additional","affiliation":[]},{"given":"David","family":"Espes","sequence":"additional","affiliation":[]},{"given":"Philippe","family":"Le Parc","sequence":"additional","affiliation":[]},{"given":"Fr\u00e9d\u00e9ric","family":"Cuppens","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,22]]},"reference":[{"issue":"1","key":"16_CR1","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1109\/SURV.2013.081313.00105","volume":"16","author":"AK Adrian Lara","year":"2014","unstructured":"Adrian Lara, A.K., Ramamurthy, B.: Network innovation using openflow: a survey. IEEE Commun. Surv. Tutorials 16(1), 493\u2013511 (2014)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"16_CR2","unstructured":"Batista, B., Fernandez, M.: Ponderflow: a policy specification language for openflow networks. In: The Thirteenth International Conference on Networks, pp. 204\u2013209 (2014)"},{"key":"16_CR3","doi-asserted-by":"crossref","unstructured":"Ben-Itzhak, Y., Barabash, K., Cohen, R., Levin, A., Raichstein, E.: EnforSDN: network policies enforcement with SDN. In: 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 80\u201388. IEEE (2015)","DOI":"10.1109\/INM.2015.7140279"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Bernsmed, K., Jaatun, M.G., Undheim, A.: Security in service level agreements for cloud computing. In: CLOSER, pp. 636\u2013642 (2011)","DOI":"10.5220\/0003391606360642"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Bharadwaj, V.G., Baras, J.S.: Towards automated negotiation of access control policies. In: Policy, pp. 111\u2013119 (2003)","DOI":"10.1109\/POLICY.2003.1206965"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Bijon, K., Krishnan, R., Sandhu, R.: Virtual resource orchestration constraints in cloud infrastructure as a service. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 183\u2013194. ACM (2015)","DOI":"10.1145\/2699026.2699112"},{"issue":"3","key":"16_CR7","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1023\/A:1026441215081","volume":"4","author":"S Bistarelli","year":"1999","unstructured":"Bistarelli, S., Montanari, U., Rossi, F., Schiex, T., Verfaillie, G., Fargier, H.: Semiring-based CSPs and valued CSPs: frameworks, properties, and comparison. Constraints 4(3), 199\u2013240 (1999)","journal-title":"Constraints"},{"key":"16_CR8","unstructured":"Chernov, D.V.: Attribute based access control models. Prikladnaya Diskretnaya Matematika, Suppl., 79\u201382 (2012)"},{"key":"16_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/3-540-44569-2_2","volume-title":"Policies for Distributed Systems and Networks","author":"N Damianou","year":"2001","unstructured":"Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lupu, E.C., Lobo, J. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18\u201338. Springer, Heidelberg (2001). doi:10.1007\/3-540-44569-2_2"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Fong, P.W.: Relationship-based access control: protection model and policy language. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, pp. 191\u2013202. ACM (2011)","DOI":"10.1145\/1943513.1943539"},{"key":"16_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1007\/3-540-45807-7_29","volume-title":"Security Protocols","author":"VD Gligor","year":"2002","unstructured":"Gligor, V.D.: Negotiation of access control policies. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds.) Security Protocols 2001. LNCS, vol. 2467, pp. 202\u2013212. Springer, Heidelberg (2002). doi:10.1007\/3-540-45807-7_29"},{"issue":"5","key":"16_CR12","first-page":"327","volume":"11","author":"T Hegr","year":"2013","unstructured":"Hegr, T., Bohac, L., Uhlir, V., Chlumsky, P.: Openflow deployment and concept analysis. Adv. Electr. Electron. Eng. 11(5), 327 (2013)","journal-title":"Adv. Electr. Electron. Eng."},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Hu, H., Han, W., Ahn, G.J., Zhao, Z.: Flowguard: building robust firewalls for software-defined networks. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 97\u2013102. ACM (2014)","DOI":"10.1145\/2620728.2620749"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Huang, S.S., Green, T.J., Loo, B.T.: Datalog and emerging applications: an interactive tutorial. In: Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data, pp. 1213\u20131216. ACM (2011)","DOI":"10.1145\/1989323.1989456"},{"key":"16_CR15","unstructured":"Kalam, A.A.E., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Proceedings of the IEEE 4th International Workshop on Organization based access control. In: Policies for Distributed Systems and Networks, POLICY 2003, pp. 120\u2013131. IEEE (2003)"},{"key":"16_CR16","doi-asserted-by":"crossref","unstructured":"Kaur, K., Kaur, S., Gupta, V.: Software defined networking based routing firewall. In: 2016 International Conference on Computational Techniques in Information and Communication Technologies (ICCTICT), pp. 267\u2013269. IEEE (2016)","DOI":"10.1109\/ICCTICT.2016.7514590"},{"issue":"1","key":"16_CR17","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/TNSM.2016.2517407","volume":"13","author":"A Lara","year":"2016","unstructured":"Lara, A., Ramamurthy, B.: Opensec: policy-based security using software-defined networking. IEEE Trans. Netw. Serv. Manag. 13(1), 30\u201342 (2016)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Leite, A.F., Alves, V., Rodrigues, G.N., Tadonki, C., Eisenbeis, C., de Melo, A.: Automating resource selection and configuration in inter-clouds through a software product line method. In: 2015 IEEE 8th International Conference on Cloud Computing, pp. 726\u2013733. IEEE (2015)","DOI":"10.1109\/CLOUD.2015.101"},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"Li, Y., Cuppens-Boulahia, N., Crom, J.M., Cuppens, F., Frey, V.: Reaching agreement in security policy negotiation. In: 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 98\u2013105. IEEE (2014)","DOI":"10.1109\/TrustCom.2014.17"},{"key":"16_CR20","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/978-3-319-33630-5_8","volume-title":"ICT Systems Security and Privacy Protection","author":"Y Li","year":"2016","unstructured":"Li, Y., Cuppens-Boulahia, N., Crom, J.-M., Cuppens, F., Frey, V.: Expression and enforcement of security policy for virtual resource allocation in IaaS cloud. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IFIP AICT, vol. 471, pp. 105\u2013118. Springer, Cham (2016). doi:10.1007\/978-3-319-33630-5_8"},{"key":"16_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-319-26961-0_14","volume-title":"Information Systems Security","author":"Y Li","year":"2015","unstructured":"Li, Y., Cuppens-Boulahia, N., Crom, J.-M., Cuppens, F., Frey, V., Ji, X.: Similarity measure for security policies in service provider selection. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 227\u2013242. Springer, Cham (2015). doi:10.1007\/978-3-319-26961-0_14"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Mehregan, P., Fong, P.W.: Policy negotiation for co-owned resources in relationship-based access control. In: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, pp. 125\u2013136. ACM (2016)","DOI":"10.1145\/2914642.2914652"},{"issue":"1","key":"16_CR23","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.future.2011.05.016","volume":"28","author":"A Nathani","year":"2012","unstructured":"Nathani, A., Chaudhary, S., Somani, G.: Policy based resource allocation in iaas cloud. Future Gener. Comput. Syst. 28(1), 94\u2013103 (2012)","journal-title":"Future Gener. Comput. Syst."},{"key":"16_CR24","unstructured":"NTT: Component-based software defined networking framework (2017). www.osrg.github.io\/ryu\/"},{"key":"16_CR25","unstructured":"ONF: Openflow switch specification, December 2014"},{"key":"16_CR26","unstructured":"Pfaff, B., Pettit, J., Amidon, K., Casado, M., Koponen, T., Shenker, S.: Extending networking into the virtualization layer. In: Hotnets (2009)"},{"key":"16_CR27","unstructured":"Pfaff, B., Pettit, J., Koponen, T., Jackson, E.J., Zhou, A., Rajahalme, J., Gross, J., Wang, A., Stringer, J., Shelar, P., et al.: The design and implementation of open vSwitch. In: NSDI, pp. 117\u2013130 (2015)"},{"key":"16_CR28","unstructured":"Rissanen, E.: extensible access control markup language (XACML) version 3.0 (committe specification 01). Technical report, OASIS (2010). http:\/\/docs.oasisopen.org\/xacml\/3.0\/xacml-3.0-core-spec-cd-03-en.pdf"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Sadki, S., El Bakkali, H.: An approach for privacy policies negotiation in mobile health-cloud environments. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), pp. 1\u20136. IEEE (2015)","DOI":"10.1109\/CloudTech.2015.7336983"},{"issue":"2","key":"16_CR30","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"RS Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coynek, E.J., Feinsteink, H.L., Youmank, C.E.: Role-based access control models yz. IEEE Comput. 29(2), 38\u201347 (1996)","journal-title":"IEEE Comput."},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Satasiya, D., et al.: Analysis of software defined network firewall (sdf). In: International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 228\u2013231. IEEE (2016)","DOI":"10.1109\/WiSPNET.2016.7566125"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Shin, S., Gu, G.: Cloudwatcher: network security monitoring using openflow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In: 2012 20th IEEE International Conference on Network Protocols (ICNP), pp. 1\u20136. IEEE (2012)","DOI":"10.1109\/ICNP.2012.6459946"},{"key":"16_CR33","unstructured":"Shin, S., Porras, P.A., Yegneswaran, V., Fong, M.W., Gu, G., Tyson, M.: Fresco: modular composable security services for software-defined networks. In: NDSS (2013)"},{"issue":"1","key":"16_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13174-016-0043-y","volume":"7","author":"Y Tang","year":"2016","unstructured":"Tang, Y., Cheng, G., Xu, Z., Chen, F., Elmansor, K., Wu, Y.: Automatic belief network modeling via policy inference for SDN fault localization. J. Internet Serv. Appl. 7(1), 1 (2016)","journal-title":"J. Internet Serv. Appl."},{"key":"16_CR35","unstructured":"Xue, W., Huai, J., Liu, Y.: Access control policy negotiation for remote hot-deployed grid services. In: First International Conference on e-Science and Grid Computing (e-Science 2005), 9 p. IEEE (2005)"},{"key":"16_CR36","doi-asserted-by":"crossref","unstructured":"Zerkane, S., Espes, D., Le Parc, P., Cuppens, F.: A proactive stateful firewall for software defined networking. In: Risks and Security of Internet and Systems - 11th International Conference, CRiSIS 2016, Roscoff, France, 5\u20137 September 2016, Revised Selected Papers, pp. 123\u2013138 (2016)","DOI":"10.1007\/978-3-319-54876-0_10"},{"key":"16_CR37","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-319-33630-5_9","volume-title":"ICT Systems Security and Privacy Protection","author":"S Zerkane","year":"2016","unstructured":"Zerkane, S., Espes, D., Le Parc, P., Cuppens, F.: Software defined networking reactive stateful firewall. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IFIP AICT, vol. 471, pp. 119\u2013132. Springer, Cham (2016). doi:10.1007\/978-3-319-33630-5_9"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXI"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-61176-1_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T21:06:43Z","timestamp":1750367203000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-61176-1_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319611754","9783319611761"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-61176-1_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"22 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Philadelphia","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dbsec2017.ittc.ku.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}