%0 Conference Paper %1 Homm1809:Policy %A Grabatin, Michael %A Hommel, Wolfgang %A Steinke, Michael %B Sixth International Symposium on Security in Computing and Communications(SSCC’18) (SSCC-2018) %C Bangalore, India, India %D 2018 %K %T Policy-based network and security management in federated service infrastructures with permissioned blockchains %X The 5G network architecture will support mobile next-generation points-of-presence (NG-POP) -- for instance as part of aspired telecommunications providers clouds -- that deliver high-bandwidth network access as well as edge computing capacity. Given the large number of involved federated infrastructure operators, customers (tenants), and end users, dynamically provisioning services with network quality-of-service (QoS) and security policy constraints becomes increasingly complex and cannot yet be fully automated. Using the example of mobile NG-POPs for large-scale public events, such as soccer world championship matches, we first discuss the shortcomings and limits of state-of-the-art policy-based network and security management concepts in such future scenarios. We then present a novel approach to improve the scalability and degree of automation of network and security management tasks by storing parts of requirements for service level agreements (e.g., bandwidth guarantees) and security policies (e.g., regarding firewall settings) in a permissioned blockchain. An example of a smart contract running on the permissioned blockchains demonstrates the feasibility. Besides a critical discussion of the current limits of our approach, we outline the potential in contexts such as QoS monitoring by neutral third parties, transparent accounting and billing, and network neutrality, which more research in this area may yield.

@inproceedings{Homm1809:Policy, abstract = {The 5G network architecture will support mobile next-generation points-of-presence (NG-POP) -- for instance as part of aspired telecommunications providers clouds -- that deliver high-bandwidth network access as well as edge computing capacity. Given the large number of involved federated infrastructure operators, customers (tenants), and end users, dynamically provisioning services with network quality-of-service (QoS) and security policy constraints becomes increasingly complex and cannot yet be fully automated. Using the example of mobile NG-POPs for large-scale public events, such as soccer world championship matches, we first discuss the shortcomings and limits of state-of-the-art policy-based network and security management concepts in such future scenarios. We then present a novel approach to improve the scalability and degree of automation of network and security management tasks by storing parts of requirements for service level agreements (e.g., bandwidth guarantees) and security policies (e.g., regarding firewall settings) in a permissioned blockchain. An example of a smart contract running on the permissioned blockchains demonstrates the feasibility. Besides a critical discussion of the current limits of our approach, we outline the potential in contexts such as QoS monitoring by neutral third parties, transparent accounting and billing, and network neutrality, which more research in this area may yield.}, added-at = {2023-12-12T19:46:15.000+0100}, address = {Bangalore, India, India}, author = {Grabatin, Michael and Hommel, Wolfgang and Steinke, Michael}, biburl = {https://www.bibsonomy.org/bibtex/2a1c02ebfaf20871e6a0362af3ad2ff96/admin}, booktitle = {Sixth International Symposium on Security in Computing and Communications(SSCC’18) (SSCC-2018)}, days = {18}, interhash = {25cc07660a9bd82ef7494b87e69e4bca}, intrahash = {a1c02ebfaf20871e6a0362af3ad2ff96}, keywords = {}, month = sep, timestamp = {2023-12-12T19:46:15.000+0100}, title = {Policy-based network and security management in federated service infrastructures with permissioned blockchains}, year = 2018 }