Security in software defined network
Abstract
At least one security policy is obtained from a policy creator at a controller in an SDN network. The security policy is implemented in the SDN network, via the controller, based on one or more attributes specifying a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy.
23 Claims
1. A method comprising:
obtaining, at a controller of a software defined network, at least one security policy from a policy creator; and
implementing, via the controller, the security policy in the software defined network based on one or more attributes stored in the controller, the one or more attributes specifying each of a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy;
wherein the method is performed by a processing device; and
wherein the characteristic of the security policy attribute describes whether the security policy is a real-time policy;
wherein when the characteristic of the security policy attribute indicates that the security policy is a real-time policy, the security policy is translated substantially without delay into one or more flow rules, updated in one or more flow tables, and synchronized with one or more software defined networking switches.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.
22. An article of manufacture comprising a processor-readable storage medium having embodied therein executable program code that when executed by the processing device causes the processing device to perform:
obtaining, at a controller of a software defined network, at least one security policy from a policy creator; and
implementing, via the controller, the security policy in the software defined network based on one or more attributes stored in the controller, the one or more attributes specifying each of a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy;
wherein the characteristic of the security policy attribute describes whether the security policy is a real-time policy;
wherein when the characteristic of the security policy attribute indicates that the security policy is a real-time policy, the security policy is translated substantially without delay into one or more flow rules updated in one or more flow tables, and synchronized with one or more software defined networking switches.
23. An apparatus comprising:
a memory; and
a processor operatively coupled to the memory to form a controller of a software defined network, the controller being configured to:
obtain at least one security policy from a policy creator; and
implement the security policy in the software defined network based on one or more attributes stored in the controller, the one or more attributes specifying each of a characteristic of the security policy, a role of the creator of the security policy, and a security privilege level of the role of the creator of the security policy;
wherein the characteristic of the security policy attribute describes whether the security policy is a real-time policy;
wherein when the characteristic of the security policy attribute indicates that the security policy is a real-time policy, the security policy is translated substantially without delay into one or more flow rules, updated in one or more flow tables, and synchronized with one or more software defined networking switches.
Specification