{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:12:58Z","timestamp":1760242378867,"version":"build-2065373602"},"reference-count":37,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2017,6,13]],"date-time":"2017-06-13T00:00:00Z","timestamp":1497312000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>In order to build an efficient security architecture, previous studies have attempted to understand complex system architectures and message flows to detect various attack packets. However, the existing hardware-based single security architecture cannot efficiently handle a complex system structure. To solve this problem, we propose a software-defined networking (SDN) policy-based scheme for an efficient security architecture. The proposed scheme considers four policy functions: separating, chaining, merging, and reordering. If SDN network functions virtualization (NFV) system managers use these policy functions to deploy a security architecture, they only submit some of the requirement documents to the SDN policy-based architecture. After that, the entire security network can be easily built. This paper presents information about the design of a new policy functions model, and it discusses the performance of this model using theoretical analysis.<\/jats:p>","DOI":"10.3390\/info8020065","type":"journal-article","created":{"date-parts":[[2017,6,14]],"date-time":"2017-06-14T03:19:32Z","timestamp":1497410372000},"page":"65","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Security Policy Scheme for an Efficient Security Architecture in Software-Defined Networking"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0065-1682","authenticated-orcid":false,"given":"Woosik","family":"Lee","sequence":"first","affiliation":[{"name":"Department of Computer Science, Kyonggi University, Suwon 16227, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Namgi","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Kyonggi University, Suwon 16227, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2017,6,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1109\/MCOM.2015.7120043","article-title":"Cellular software defined networking: A framework","volume":"53","author":"Bradai","year":"2015","journal-title":"IEEE Commun. Mag."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/MCOM.2015.7045396","article-title":"Network function virtualization: Challenges and opportunities for innovations","volume":"53","author":"Bo","year":"2015","journal-title":"IEEE Commun. Mag."},{"key":"ref_3","first-page":"177","article-title":"Study on virtual service chain for secure software-defined networking","volume":"29","author":"Lee","year":"2013","journal-title":"Adv. Sci. Technol. Lett."},{"key":"ref_4","unstructured":"(2017, June 13). Cisco Nexus 1000V Switch and Cisco vPath 2.5 Virtual Services Ecosystem. Available online: http:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/switches\/nexus-7000-series-switches\/white-paper-c11-730475.html."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/MC.2014.328","article-title":"Service Function Chaining Creating a Service Plane Using Network Service Header","volume":"47","author":"Quinn","year":"2014","journal-title":"Computer"},{"key":"ref_6","unstructured":"Jiang, Y., Li, H., and Wei, H. (2017, June 13). An architecture of service chaining. Available online: https:\/\/tools.ietf.org\/html\/draft-jiang-service-chaining-arch-00."},{"key":"ref_7","unstructured":"Wan, K., and Chang, R. (2002, January 27\u201330). Engineering of a global defense infrastructure for DDoS attacks. Proceedings of the 10th IEEE International Conference on Networks, Singapore, Singapore."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Khatua, S., Ghosh, A., and Mukherjee, N. (2010, January 6\u20138). Optimizing the utilization of virtual resources in Cloud environment. Proceedings of the 2010 IEEE International Conference on Virtual Environments Human-Computer Interfaces and Measurement Systems (VECIMS), Taranto, Italy.","DOI":"10.1109\/VECIMS.2010.5609349"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Alicherry, M., and Lakshman, T.V. (2013, January 14\u201319). Optimizing data access latencies in cloud systems by intelligent virtual machine placement. Proceedings of the IEEE INFOCOM, Turin, Italy.","DOI":"10.1109\/INFCOM.2013.6566850"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1888","DOI":"10.1109\/SURV.2013.013013.00155","article-title":"Virtual network embedding: A survey","volume":"15","author":"Fischer","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Chowdhury, N.M.M.K., Rahman, M.R., and Boutaba, R. (2009, January 19\u201325). Virtual network embedding with coordinated node and link mapping. Proceedings of the IEEE INFOCOM, Rio de Janeiro, Brazil.","DOI":"10.1109\/INFCOM.2009.5061987"},{"key":"ref_12","first-page":"49","article-title":"PolyViNE: Policy-based virtual network embedding across multiple domains","volume":"4","author":"Chowdhury","year":"2010","journal-title":"J. Internet Serv. Appl."},{"key":"ref_13","first-page":"266","article-title":"A centralized network policy controller for SDN-based service overlay networking","volume":"38","author":"Jo","year":"2013","journal-title":"J. Korea Inf. Commun. Soc."},{"key":"ref_14","unstructured":"Sazena, M., and Kumar, R. (2016, January 16\u201318). A recent trends in software defined networking (SDN) security. Proceedings of the Computing for Sustainable Global Development, New Delhi, India."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Satasiya, D., Raviya, R., and Kumar, H. (2016, January 25\u201327). Enhanced SDN security using firewall in a distributed scenario. Proceedings of the Advanced Communication Control and Computing Technologies, Ramanathapuram, India.","DOI":"10.1109\/ICACCCT.2016.7831708"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Shin, S., Xu, L., Hong, S., and Gu, G. (2016, January 1\u20134). Enhancing network security through software defined networking (SDN). Proceedings of the International Conference on Computer Communication and Networks, Waikoloa, HI, USA.","DOI":"10.1109\/ICCCN.2016.7568520"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Husssein, A., Elhajj, I.H., Chehab, A., and Kayssi, A. (2016, January 12\u201315). SDN security plane: An architecture for resilient security services. Proceedings of the IEEE International Conference on Cloud Engineering Workshop, Luxembourg, Luxembourg.","DOI":"10.1109\/IC2EW.2016.15"},{"key":"ref_18","unstructured":"Cox, J.H., Clark, R.J., and Owen, H.L. (April, January 30). Leveraging SDN for ARP security. Proceedings of the SoutheastCon, Norfolk, VA, USA."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ranjbar, A., Komu, M., Salmela, P., and Aura, T. (2016, January 25\u201329). An SDN-based approach to enhance the end-to-end security: SSL\/TLS case study. Proceedings of the IEEE\/IFIP Network Operations and Management Symposium, Istanbul, Turkey.","DOI":"10.1109\/NOMS.2016.7502823"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Yao, L., Dong, P., Zheng, T., Zhang, H., Du, X., and Guizani, M. (2016, January 15\u201318). Network security analyzing and modeling based on petri net and attack tree for SDN. Proceedings of the International Conference on Computing Networking and Communications, Kauai, HI, USA.","DOI":"10.1109\/ICCNC.2016.7440631"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Pisharody, S., Chowdhary, A., and Huang, D. (2016, January 17\u201319). Security policy checking in distributed SDN based clouds. Proceedings of the IEEE Communications and Network Security, Philadelphia, PA, USA.","DOI":"10.1109\/CNS.2016.7860466"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Martins, J.S.B., and Cmpos, M.B. (2016, January 19\u201321). A security architecture proposal for detection and response to threats in SDN networks. Proceedings of the IEEE ANDESCON, Arequipa, Peru.","DOI":"10.1109\/ANDESCON.2016.7836244"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Patel, P., Tiwari, V., and Abhishek, M.K. (2016, January 25\u201327). SDN and NFV integration in openstack cloud to improve network services and security. Proceedings of the International Conference on Advanced Communication Control and Computing Technologies, Ramanathapuram, India.","DOI":"10.1109\/ICACCCT.2016.7831721"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Rupasinghe, P.L., Kulatunga, K.M.D.S.B., Murry, L., and Keseva, K. (2016, January 29\u201330). SDN based security solution for legislative email communications: Safe guarding communication. Proceedings of the International Conference on Computing, Communication and Automation, Greater Noida, India.","DOI":"10.1109\/CCAA.2016.7813796"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Ammar, M., Rizk, M., Hamid, A.A., and Seoud, A.K.A. (2016, January 21\u201323). A framework for security enhancement in SDN-based datacenters. Proceedings of the IFIP International Conference on New Technologies Mobility and Security, Larnaca, Cyprus.","DOI":"10.1109\/NTMS.2016.7792427"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Liu, Y., Guo, Z., Shou, G., and Hu, Y. (2016, January 21\u201323). To achieve a security service chain by integration of NFV and SDN. Proceedings of the International Conference on Instrumentation and Measurement, Computer, Communication and Control, Harbin, China.","DOI":"10.1109\/IMCCC.2016.162"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Wilczewski, D. (2016, January 23\u201327). Security considerations for equipment controllers and SDN. Proceedings of the IEEE International Telecommunications Energy Conference, Austin, TX, USA.","DOI":"10.1109\/INTLEC.2016.7749101"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Bull, P., Austin, R., Popov, E., Sharma, M., and Watson, R. (2016, January 22\u201324). Flow based security for IoT Devices using an SDN gateway. Proceedings of the IEEE 4th International Conference on Future Internet of Things and Cloud, Vienna, Austria.","DOI":"10.1109\/FiCloud.2016.30"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Gonzaiez, C., Charfadine, S.M., Flauzac, O., and Nolot, F. (2016, January 13\u201315). SDN-based security framework for the IoT in distributed grid. Proceedings of the International Multidisciplinary Conference on Computer and Energy Science, Split, Croatia.","DOI":"10.1109\/SpliTech.2016.7555946"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Huq, S. (2016, January 20\u201324). Hardening the SDN optical transport network security\u2014Is it a pleonasm or oxymoron?. Proceedings of the Optical Fiber Communications Conference and Exhibition, Anaheim, CA, USA.","DOI":"10.1364\/OFC.2016.Tu3J.1"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Basit, A., and Ahmed, N. (2017, January 10\u201314). Path diversity for inter-domain routing security. Proceedings of the International Bhurban Conference on Applied Sciences and Technology, Islamabad, Pakistan.","DOI":"10.1109\/IBCAST.2017.7868083"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1109\/COMST.2016.2618874","article-title":"Software defined networking architecture, security and energy efficiency: A survey","volume":"19","author":"Rawat","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1109\/MSP.2017.46","article-title":"Security challenges and opportunities of software-defined networking","volume":"15","author":"Dacier","year":"2017","journal-title":"IEEE Secur. Priv."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Li, C., Qin, Z., Novak, E., and Li, Q. (2017). Securing SDN infrastructure of IoT-Fog network from MitM Attacks. IEEE Internet Things J., Available online: http:\/\/ieeexplore.ieee.org\/document\/7883928\/.","DOI":"10.1109\/JIOT.2017.2685596"},{"key":"ref_35","unstructured":"Koo, S.K. (2017, June 13). Cyber security in South Korea: The threat within. Available online: http:\/\/thediplomat.com\/2013\/08\/cyber-security-in-south-korea-the-threat-within\/."},{"key":"ref_36","first-page":"519","article-title":"Internet traffic engineering by optimizing OSPF weights","volume":"2","author":"Fortz","year":"2000","journal-title":"INFOCOM"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","article-title":"A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks","volume":"15","author":"Zargar","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/8\/2\/65\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:38:56Z","timestamp":1760207936000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/8\/2\/65"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,13]]},"references-count":37,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2017,6]]}},"alternative-id":["info8020065"],"URL":"https:\/\/doi.org\/10.3390\/info8020065","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2017,6,13]]}}}