Interface to Network Security Functions for Cloud-Based Security Services

Network functions virtualization and cloudbased security services will become increasingly common in enterprise network systems to reduce the system operation costs and take advantage of the diverse network security functions (NSFs) developed by multiple vendors. In such a network environment, standardizing the interfaces to the NSFs of different vendors is essential to simplify the management of these heterogeneous NSFs. In addition, software-defined networking can be imposed to optimize the security service process in such cloud-based service environments by enforcing some types of packet filtering rules at the SDN switches, instead of NSFs possibly placed in remote clouds. The Interface to Network Security Functions (I2NSF) Working Group, which is part of the Internet Engineering Task Force, is currently developing a set of standard interfaces to such heterogeneous NSFs. In this article, we present the design and development of an I2NSF architecture and propose improving its efficiency by integrating it with SDN. In our work, we implement the SDN-integrated I2NSF architecture and its security applications. This article also discusses several standardization and research challenges for I2NSF.