Virtualized Security at the Network Edge: A User-centric Approach / Montero, D.; Yannuzzi, M.; Shaw, A.; Jacquin, L.; Pastor, A.; Serral Gracià, R.; Lioy, Antonio; Risso, Fulvio Giovanni Ottavio; Basile, Cataldo; Sassu, Roberto; Nemirovsky, M.; Ciaccia, Francesco; Georgiades, M.; Charalambides, S.; Kuusijarvi, J.; Bosco, F. - In: IEEE COMMUNICATIONS MAGAZINE. - ISSN 0163-6804. - PRINT. - 53:4(2015), pp. 176-186. [10.1109/MCOM.2015.7081092]

Virtualized Security at the Network Edge: A User-centric Approach

Lioy, Antonio; Risso, Fulvio Giovanni Ottavio; Basile, Cataldo; Sassu, Roberto; Ciaccia, Francesco
2015

Abstract

The current device-centric protection model against security threats has serious limitations. On the one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g. parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of these problems, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users’ terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

Files in this item:

SECURED_IEEE_CommMag_1504.pdf

not available

Type: 2a Post-print publisher's version / Version of Record
License: Non-public - Private/restricted access
Size: 434.14 kB
Format: Adobe PDF

SECURED_IEEE_CommMag_1504_preprint.pdf

open access

Type: 2. Post-print / Author's Accepted Manuscript
License: PUBLIC - All rights reserved
Size: 1.55 MB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2592156