A DATA DRIVEN ORCHESTRATION FRAMEWORK IN SOFTWARE DEFINED SECURITY

Software-Defined Security (SDS), which provides a flexible and centralized security solution by abstracting the security mechanisms from the hardware layer into a software layer, attracts many researchers to study the detail of this conception. One of the key challenges of SDS is how to schedule and orchestrate security appliances according to huge and heterogeneous threat information, especially when they are still lack of standardized interfaces. In this paper, we present a data driven Security Device Orchestration Framework (SDOF) for SDS. In SDOF, we put forward uniform interfaces for security devices so that they could be orchestrated by software and their data could be collected and processed centrally. The complex Structured Threat information eXpression (STIX) ontology and corresponding tools are tailored for SDOF to standardize and centralize all data in SDS. These two achievements makes real-time dynamic orchestration possible in SDS. We also provide an orchestration scenario to demonstrate how SDOF works and evaluated its performance.