Data Protection Intents for Software-Defined Networking

The rise of intent-based networking (IBN) allows enterprises to use software-defined networking (SDN) architectures to specify what network requirements are needed rather than specify how such requirements will be implemented. For enterprises that process personal data, those network requirements must necessarily consider data protection by design to comply with new regulations such as the European Union's GDPR. We argue that the centralized data plane view of SDN architectures and the network intent abstractions of IBN can aid in the design of systems that require data protection. We propose a data protection intent framework that leverages SDN and network intents. We use the GDPR as a representative data protection framework and identify the applicable regulatory requirements for system and network design. Based on those requirements, we design an SDN-based architecture for data protection intents that allows data services to request network resources by using data protection abstractions. We implement a proof-of-concept network application for the ONOS SDN controller and explain how our framework can be useful in a representative data breach case study to aid in responding to regulator requests.