Archivio Istituzionale della RicercaNetwork function virtualization (NFV) is a new networking paradigm that virtualizes single network functions. NFV introduces several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g. adding a new instance to support demands). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions. However, currently there is not an automatic way to select the security functions to enable and to configure the selected ones according to a set of user's security requirements. This paper presents a first approach towards the integration of network and security policy management into the NFV framework. By adding to the NFV architecture a new software component, the Policy Manager, we provide NFV with an easy and effective way for users to specify their security requirements and a process that hides all the details of the correct deployment and configuration of security functions. To perform its tasks, the Policy Manager uses policy refinement techniques.
A novel approach for integrating security policy enforcement with dynamic network virtualization / Basile, Cataldo; Lioy, Antonio; Pitscheider, Christian; Valenza, Fulvio; Vallini, Marco. - STAMPA. - (2015). (Intervento presentato al convegno 1st IEEE Conference on Network Softwarization (NetSoft-2015) tenutosi a London (UK) nel 13-17 April 2015) [10.1109/NETSOFT.2015.7116152].
A novel approach for integrating security policy enforcement with dynamic network virtualization
BASILE, CATALDO;LIOY, ANTONIO;PITSCHEIDER, CHRISTIAN;VALENZA, FULVIO;VALLINI, MARCO
2015
Abstract
Network function virtualization (NFV) is a new networking paradigm that virtualizes single network functions. NFV introduces several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g. adding a new instance to support demands). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions. However, currently there is not an automatic way to select the security functions to enable and to configure the selected ones according to a set of user's security requirements. This paper presents a first approach towards the integration of network and security policy management into the NFV framework. By adding to the NFV architecture a new software component, the Policy Manager, we provide NFV with an easy and effective way for users to specify their security requirements and a process that hides all the details of the correct deployment and configuration of security functions. To perform its tasks, the Policy Manager uses policy refinement techniques.
| File | Dimensione | Formato | |
|---|---|---|---|
|
2015Netsoft.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
471.36 kB
Formato
Adobe PDF
|
471.36 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
2015Netsoft_author.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
467.61 kB
Formato
Adobe PDF
|
467.61 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2592157