Policy-Based Network and Security Management in Federated Service Infrastructures with Permissioned Blockchains

  • Michael Grabatin
  • Wolfgang Hommel
  • Michael Steinke
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


The 5G network architecture will support mobile next-generation points-of-presence (NG-POP) – for instance as part of envisioned telecommunication provider clouds – that deliver high-bandwidth network access as well as edge computing capacity. Given the large number of involved federated infrastructure operators, customers (tenants), and end users, dynamically provisioning services with network quality-of-service (QoS) and security policy constraints becomes increasingly complex and cannot yet be fully automated. Using the example of mobile NG-POPs for large-scale public events, such as soccer world championship matches, we first discuss the shortcomings and limits of state-of-the-art policy-based network and security management concepts in such future scenarios. We then present a novel approach to improve the scalability and degree of automation of network and security management tasks by storing parts of requirements for service level agreements (e.g., bandwidth guarantees) and security policies (e.g., regarding firewall settings) in a permissioned blockchain. An example of a smart contract running on a permissioned blockchain demonstrates the feasibility. Besides a critical discussion of the current limits of our approach, we outline the potential that further research in this area may yield in contexts such as QoS monitoring by neutral third parties, transparent accounting and billing, and network neutrality.


Keywords: Network and security management; 5G networks; Permissioned blockchains; Network QoS monitoring; Smart contracts



This work has been performed in the framework of the CELTIC EUREKA project SENDATE-PLANETS (Project ID C2015/3-1), and it is partly funded by the German BMBF (Project Id 16KIS0549). The authors alone are responsible for the content of the paper.



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Michael Grabatin (1)
  • Wolfgang Hommel (1)
  • Michael Steinke (1)
  1. Research Institute Cyber-Defence, Bundeswehr University Munich, Neubiberg, Germany
