Two Formal Design Solutions for the Generalization of Network Segmentation
Abstract
Computer networks are getting more complex, with an enormous number of resources, diverse access control policies, and deployments spanning different platforms and geographical regions. Usually, these networks have multiple entry points -- as we see in sliced 5G networks. Securing these networks has become an extremely challenging task. A primary tenet for securing networks is the principle of segmentation -- clustering resources with "similar" security requirements. In this paper, we propose two algorithms for segmenting networks with multiple entry points. These algorithms are based on mathematical formalisms for network segmentation -- thus enabling automation and dynamic segmentation of these networks. Finally, we use Mininet, a Software Defined Network (SDN) emulator tool, to illustrate the use of the proposed algorithms to configure and govern networks within three typical SDN architectures.