Service Oriented Architecture in Network Security - a novel Organisation in Security Systems
Michael Hilker, Christoph Schommer

TL;DR
This paper proposes a novel service-oriented, virtualized architecture for network security that isolates security components from the operating system, enabling better detection, analysis, and response to intrusions.
Contribution
It introduces a virtualized, service-oriented security organization that separates security functions from the OS, enhancing intrusion detection and response capabilities.
Findings
Preliminary implementation shows promising results.
Virtualization allows infected nodes to be halted, duplicated, and moved.
Enhanced detection and analysis of intrusions.
Abstract
Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions, for example, have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system are distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Because the node runs in a virtual machine, infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Network Packet Processing and Optimization
