Policy-Based Network and Security Management in Federated Service Infrastructures with Permissioned Blockchains
The 5G network architecture will support mobile next-generation points-of-presence (NG-POP), for instance as part of envisioned telecommunication provider clouds, that deliver high-bandwidth network access as well as edge computing capacity. Given the large number of federated infrastructure operators, customers (tenants), and end users involved, dynamically provisioning services with network quality-of-service (QoS) and security policy constraints becomes increasingly complex and cannot yet be fully automated. Using the example of mobile NG-POPs for large-scale public events, such as soccer world championship matches, we first discuss the shortcomings and limits of state-of-the-art policy-based network and security management concepts in such future scenarios. We then present a novel approach to improve the scalability and degree of automation of network and security management tasks by storing parts of the requirements for service level agreements (e.g., bandwidth guarantees) and security policies (e.g., regarding firewall settings) in a permissioned blockchain. An example of a smart contract running on the permissioned blockchain demonstrates the feasibility of the approach. Besides a critical discussion of the current limits of our approach, we outline the potential that more research in this area may yield in contexts such as QoS monitoring by neutral third parties, transparent accounting and billing, and network neutrality.
Keywords: Network and security management; 5G networks; Permissioned blockchains; Network QoS monitoring; Smart contracts
This work has been performed in the framework of the CELTIC EUREKA project SENDATE-PLANETS (Project ID C2015/3-1), and it is partly funded by the German BMBF (Project ID 16KIS0549). The authors alone are responsible for the content of the paper.