Work item: X.sdnsec-1
Subject/title: Security services using the software-defined networking
Status: [Carried to next study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: -
Liaison: -
Supporting members: ETRI, HUAWEI, KISA, Korea (Republic of).
Summary:
Because sophisticated network attacks are increasing, legacy security services have difficulty coping with them autonomously. Software-Defined Networking (SDN) was introduced to make networks more controllable and manageable, and it is a promising technology for dealing with such attacks autonomously and promptly.
Recommendation ITU-T X.sdnsec-1 sets out requirements for protecting network resources using SDN-based security services. It also proposes two use cases of such security services: a centralized firewall system and a centralized DDoS-attack mitigation system.
For the centralized firewall system, this Recommendation identifies limitations of legacy firewalls in terms of flexibility and administration costs. Because access control management for firewalls is in many cases performed manually, it is difficult to add access control policy rules for new network attacks promptly and autonomously, which leads to high administration costs. This Recommendation introduces a use case of an SDN-based firewall system to overcome these limitations.
For the centralized DDoS-attack mitigation system, this Recommendation identifies limitations of legacy DDoS-attack mitigation techniques in terms of flexibility and administration costs. Because network configuration for mitigation is in many cases performed manually, it is difficult to dynamically configure network devices to limit and control suspicious DDoS-attack traffic. This Recommendation introduces a use case of an SDN-based DDoS-attack mitigation system that provides autonomous and prompt configuration for handling suspicious network traffic.
Comment: -
First registration in the WP: 2014-10-22 16:07:48
Last update: 2016-09-16 14:55:59