Content-based security and protected core networking with software-defined networks

Successful execution of future network-centric military operations relies on effective enforcement of both need-to-know and responsibility- to-share principles. In modern military missions and coalitions, which have an increasingly agile character, a promising solution is to enforce security policies based on the properties of individual information objects - we call this approach content-based security. This article discusses the enforcement of content-based security policies at the different layers of the TCP/ IP model, and introduces a proof-of-concept implementation of a content-based protection and release mechanism in a software-defined networking environment. Our aim is to provide consistent enforcement of security policies across multiple system layers and multiple security dimensions (confidentiality, integrity, and availability). The results of an analysis of a concrete example of a software-defined network emulated in Mininet are encouraging and confirm the effectiveness of our approach with respect to improving protection of data in transit. The work presented in this article offers a basis for further research in this area.