Data-Centric Security in Software Defined Networks (Sdn)
暫譯: 以數據為中心的軟體定義網路安全性

The book focuses on applying the data-centric security (DCS) concept and leveraging the unique capabilities of software-defined networks (SDN) to improve the security and resilience of corporate and government information systems used to process critical information and implement business processes requiring special protection. As organisations increasingly rely on information technology, cyber threats to data and infrastructure can significantly affect their operations and adversely impact critical business processes. Appropriate authentication, authorisation, monitoring, and response measures must be implemented within the perimeter of the system to protect against adversaries. However, sophisticated attackers can compromise the perimeter defences and even remain in the system for a prolonged time without the owner being aware of these facts. Therefore, new security paradigms such as Zero Trust and DCS aim to provide defence under the assumption that the boundary protections will be breached.

Based on experience and lessons learned from research on the application of DCS to defence systems, the authors present an approach to integrating the DCS concept with SDN. They introduce a risk-aware approach to routing in SDN, enabling defence-in-depth and enhanced security for data in transit. The book describes possible paths for an organisation to transition towards DCS, indicating some open and challenging issues requiring further investigation. To allow interested readers to conduct detailed studies and evaluate the exemplary implementation of DCS over SDN, the text includes a short tutorial on using the emulation environment and links to the websites from which the software can be downloaded.