Adding Support for Automatic Enforcement of Security Policies in NFV Networks
Author: | Fulvio Valenza, Cataldo Basile, Antonio Agustin Pastor Perales, Antonio Lioy, Diego R. Lopez |
---|---|
Year of publication: | 2019 |
Subject: |
NFV security
Computer Networks and Communications; Network security; Computer science; Distributed computing; 02 engineering and technology; Security policy; security policy; policy enforcement; security capabilities; Network Security Function Management and Network Orchestration; GeneralLiterature_MISCELLANEOUS; 0202 electrical engineering electronic engineering information engineering; Resource management; Orchestration (computing); Electrical and Electronic Engineering; Enforcement; Adaptation (computer science); business.industry; 020206 networking & telecommunications; Telecommunications network; Computer Science Applications; Resource allocation; business; Software |
Source: | IEEE/ACM Transactions on Networking |
ISSN: | 1063-6692 |
DOI: | 10.1109/tnet.2019.2895278 |
Description: | This paper introduces an approach towards automatic enforcement of security policies in NFV networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the Network Security Functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step towards a security policy aware NFV management, orchestration, and resource allocation system – a paradigm shift for the management of virtualized networks – and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks. |
Database: | OpenAIRE |
External link: |