Network function virtualization (NFV) is a new networking paradigm that virtualizes single network functions. NFV introduces several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g. adding a new instance to support demands). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions. However, currently there is not an automatic way to select the security functions to enable and to configure the selected ones according to a set of user's security requirements. This paper presents a first approach towards the integration of network and security policy management into the NFV framework. By adding to the NFV architecture a new software component, the Policy Manager, we provide NFV with an easy and effective way for users to specify their security requirements and a process that hides all the details of the correct deployment and configuration of security functions. To perform its tasks, the Policy Manager uses policy refinement techniques.

A novel approach for integrating security policy enforcement with dynamic network virtualization / Basile, Cataldo; Lioy, Antonio; Pitscheider, Christian; Valenza, Fulvio; Vallini, Marco. - STAMPA. - (2015). (Intervento presentato al convegno 1st IEEE Conference on Network Softwarization (NetSoft-2015) tenutosi a London (UK) nel 13-17 April 2015) [10.1109/NETSOFT.2015.7116152].

A novel approach for integrating security policy enforcement with dynamic network virtualization

BASILE, CATALDO;LIOY, ANTONIO;PITSCHEIDER, CHRISTIAN;VALENZA, FULVIO;VALLINI, MARCO
2015

Abstract

Network function virtualization (NFV) is a new networking paradigm that virtualizes single network functions. NFV introduces several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g. adding a new instance to support demands). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions. However, currently there is not an automatic way to select the security functions to enable and to configure the selected ones according to a set of user's security requirements. This paper presents a first approach towards the integration of network and security policy management into the NFV framework. By adding to the NFV architecture a new software component, the Policy Manager, we provide NFV with an easy and effective way for users to specify their security requirements and a process that hides all the details of the correct deployment and configuration of security functions. To perform its tasks, the Policy Manager uses policy refinement techniques.
2015
978-1-4799-7899-1
File in questo prodotto:
File Dimensione Formato  
2015Netsoft.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 471.36 kB
Formato Adobe PDF
471.36 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
2015Netsoft_author.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 467.61 kB
Formato Adobe PDF
467.61 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2592157