FIRM: A Function-Independent Rule Management System for Mobile Security Function Chaining

Guanwen Li⁺, Bohao Feng, Huachun Zhou, and Guanglei Li

Beijing Jiaotong University, Beijing, China
{guanwen_li, bohaofeng, hchzhou, guangleili}@bjtu.edu.cn

Abstract

With the development of SDN/NFV technologies in 5G, the mobile security function chaining is supposed to meet the rapidly growing security requirements for mobile traffic. However, there are still many challenges to be addressed. Among them, how to correctly configure an ordered set of security functions is an important topic, but does not draw much attention from researchers. Thus, in this paper, we propose a framework of function-independent rule management(FIRM) with the corresponding security rule specification, which decouples the security rules with the specific functions and simplifies related configurations. The purpose is to alleviate misconfigurations of security rules related functions. We built the FIRM prototype and conduct several experiments. The related experim ent results confirm its availability and superiority.

Keywords: Security Function Chaining, Security Rule Specification, Function-independent Rule Management

+: Corresponding author: Guanwen Li
Beijing Jiaotong University, No.3 Shangyuancun, Haidian District, Beijing 100044, China
Tel: +86-130-1118-1332

IT Convergence Practice (INPRA), Vol. 5, No. 4, pp. 1-10, December 2017 [pdf]