Conference paper Open Access

Towards Novel Security Architectures for Network Functions Virtualization

Repetto, Matteo; Carrega, Alessandro; Lamanna, Guerino

The definition of elastic network services that can be orchestrated at run-time brings unprecedented agility and dynamicity in network operation, but also complicates security management. As a matter of fact, cyber-security appliances are still largely stuck to traditional paradigms, based on rela- tively static topologies and the security perimeter model. The uptake of service-oriented architectures and microservices is now suggesting to compose security services by orchestrating monitoring, inspection, and enforcement capabilities, which are natively implemented in each elementary component (virtual functions, software-defined network equipment).

In this paper, we describe and evaluate a novel framework for monitoring, inspection and enforcement that provides a broad and heterogeneous security context for centralized analytics, correlation and detection. Our work represents the preliminary step towards the creation of true Security-as-a-Service (SecaaS) paradigms in virtualized environments, through programmatic composition of common capabilities available in each virtual function.

Files (1.1 MB)
Name Size
nfvsdn19-2.pdf
md5:9e4260f5775d7548aa59c55d285bbd8e
1.1 MB Download
12
16
views
downloads
Views 12
Downloads 16
Data volume 17.1 MB
Unique views 8
Unique downloads 15

Share

Cite as