Rec. ITU-T X.1045 (10/2019) Security service chain architecture for networks and applications
Summary
History
FOREWORD
Table of Contents
Introduction
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview of security service chain
7 Architecture of security service chain
     7.1 Components of SSC architecture
          7.1.1 Security service exposure
          7.1.2 Security service chain catalogue and security service chain inventory
          7.1.3 Security function catalogue and security function inventory
          7.1.4 Virtual security function images repository
          7.1.5 Classification policy and SFP forwarding policy
          7.1.6 Network attack source tracing
          7.1.7 Security analytics and automatic response (SAAR)
     7.2 Supporting SSC interworking with SFC
8 Procedures for security service chain creation
     8.1 Procedures for creating stand-alone SSC
     8.2 Procedures for SSC interworking with SFC
9 Customized security services provided based on SSC
     9.1 Security service chain for data services based on data labelling
          9.1.1 Collecting data and storing data in datacentres securely
          9.1.2 Data sharing with third parties securely
     9.2 Security service chain for ITS services
          9.2.1 Authentication
          9.2.2 Traffic cleaning
     9.3 Security service chain to enable mitigating/preventing of network attacks automatically
          9.3.1 Tracing network attacks to their sources in a single SFC domain and blocking them automatically
          9.3.2 Tracing network attacks to their sources across SFC domains and blocking them automatically
Annex A  IETF SFC NSH extensions
     A.1 NSH extensions to support the service chain in one SFC domain interworking with another service chain in another SFC domain
     A.2 NSH extensions to support customized security protection for data services based on data labelling
     A.3 NSH extensions to support tracing network attacks to their sources in SFC overlay network with high performance
Annex B  Data labelling schemes
     B.1 Data labelling schemes
     B.2 To generate data labels and add data labels during data moving in and out of a datacentre
Annex C  Service function chain for special vehicle (SV) speedup
Bibliography