Network operators face several limitations in terms of infrastructure management and costs when trying to offer security services to a large number of customers with current technologies. Network Functions Virtualization and Software-Defined Networks paradigms try to overcome these limitations by allowing more flexibility, configurability and agility. Unfortunately, the problem of deciding which security services to use, where to place and how to configure them is a multidimensional problem that has no easy solution. This paper provides a model that can be used to determine the best allocation for the security applications needed to satisfy the user requirements while minimizing the cost for the network operator, subject to the different constraints expressed by the involved actors. This model can be exploited to pursue an initial dimensioning and set-up of the system infrastructure or to dynamically adapt it to support the user security policies. Initial validation shows that allocations generated with our model have considerable advantages in terms of costs and performance compared to traditional approaches.

Towards the Dynamic Provision of Virtualized Security Services / Basile, Cataldo; Pitscheider, Christian; Risso, FULVIO GIOVANNI OTTAVIO; Valenza, Fulvio; Vallini, Marco - In: Cyber Security and Privacy / Cleary F., Felici M.. - STAMPA. - [s.l] : Springer International Publishing, 2015. - ISBN 978-3-319-25359-6. - pp. 65-76 [10.1007/978-3-319-25360-2_6]

Towards the Dynamic Provision of Virtualized Security Services

BASILE, CATALDO;PITSCHEIDER, CHRISTIAN;RISSO, FULVIO GIOVANNI OTTAVIO;VALENZA, FULVIO;VALLINI, MARCO
2015

Abstract

Network operators face several limitations in terms of infrastructure management and costs when trying to offer security services to a large number of customers with current technologies. Network Functions Virtualization and Software-Defined Networks paradigms try to overcome these limitations by allowing more flexibility, configurability and agility. Unfortunately, the problem of deciding which security services to use, where to place and how to configure them is a multidimensional problem that has no easy solution. This paper provides a model that can be used to determine the best allocation for the security applications needed to satisfy the user requirements while minimizing the cost for the network operator, subject to the different constraints expressed by the involved actors. This model can be exploited to pursue an initial dimensioning and set-up of the system infrastructure or to dynamically adapt it to support the user security policies. Initial validation shows that allocations generated with our model have considerable advantages in terms of costs and performance compared to traditional approaches.
2015
978-3-319-25359-6
Cyber Security and Privacy
File in questo prodotto:
File Dimensione Formato  
2015CSP_author.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 816.75 kB
Formato Adobe PDF
816.75 kB Adobe PDF Visualizza/Apri
2015CSP.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 935.9 kB
Formato Adobe PDF
935.9 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2621480