Published November 14, 2019 | Version v1
Conference paper Open

Towards Novel Security Architectures for Network Functions Virtualization

  • 1. CNIT
  • 2. Infocom Srl


The definition of elastic network services that can be orchestrated at run-time brings unprecedented agility and dynamicity to network operation, but also complicates security management. As a matter of fact, cyber-security appliances are still largely tied to traditional paradigms, based on relatively static topologies and the security perimeter model. The uptake of service-oriented architectures and microservices now suggests composing security services by orchestrating monitoring, inspection, and enforcement capabilities that are natively implemented in each elementary component (virtual functions, software-defined network equipment).

In this paper, we describe and evaluate a novel framework for monitoring, inspection and enforcement that provides a broad and heterogeneous security context for centralized analytics, correlation and detection. Our work represents the preliminary step towards the creation of true Security-as-a-Service (SecaaS) paradigms in virtualized environments, through programmatic composition of common capabilities available in each virtual function.




Additional details


ASTRID – AddreSsing ThReats for virtualIseD services 786922
European Commission
GUARD – A cybersecurity framework to GUArantee Reliability and trust for Digital service chains 833456
European Commission