Conference paper Open Access

Automated Security Management for Virtual Services

Repetto, Matteo; Carrega, Alessandro; Yusupov, Jaloliddin; Valenza, Fulvio; Risso, Fulvio; Lamanna, Guerino

The virtualization of applications and network func- tions facilitates the dynamic creation of compound services, au- tomating both the provisioning of computing/networking/storage resources and their life-cycle management. Virtualization of security appliances is a common approach to protect such services, but can neither offer broad visibility across the whole deployed service nor implement coordinated and fine-grained enforcement actions.

This paper proposes a novel security framework based on the integration of lightweight and programmable monitoring and enforcement hooks in each virtual function, which are collectively controlled by a common logic for prevention, detection, reaction, and mitigation of security threats. Our framework keeps direct control over the functionalities of the security hooks, and lever- ages standard orchestration tools for management actions on the service graph. It can be automatically instantiated by common orchestration operations, hence seamlessly integrating with the deployment process of service graphs.

Files (119.3 kB)
Name Size
nfvsdn19demo-1.pdf
md5:2ecf52e9276e73ac2ae33a5595d3b47f
119.3 kB Download
9
15
views
downloads
Views 9
Downloads 15
Data volume 1.8 MB
Unique views 8
Unique downloads 15

Share

Cite as