This paper introduces an approach towards automatic enforcement of security policies in fv networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the Network Security Functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step towards a security policy aware NFV management, orchestration, and resource allocation system - a paradigm shift for the management of virtualized networks - and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks.
Adding Support for Automatic Enforcement of Security Policies in NFV Networks / Basile, Cataldo; Valenza, Fulvio; Lioy, Antonio; Lopez, Diego R.; Pastor Perales, Antonio. - In: IEEE-ACM TRANSACTIONS ON NETWORKING. - ISSN 1063-6692. - STAMPA. - 27:2(2019), pp. 707-720. [10.1109/TNET.2019.2895278]
Titolo: | Adding Support for Automatic Enforcement of Security Policies in NFV Networks | |
Autori: | ||
Data di pubblicazione: | 2019 | |
Rivista: | ||
Digital Object Identifier (DOI): | http://dx.doi.org/10.1109/TNET.2019.2895278 | |
Appare nelle tipologie: | 1.1 Articolo in rivista |
File in questo prodotto:
File | Descrizione | Tipologia | Licenza | |
---|---|---|---|---|
IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf | Pre-print (authors' version) | 2. Post-print / Author's Accepted Manuscript | PUBBLICO - Tutti i diritti riservati | Visibile a tuttiVisualizza/Apri |
08637976.pdf | 2a Post-print versione editoriale / Version of Record | Non Pubblico - Accesso privato/ristretto | Administrator Richiedi una copia |
http://hdl.handle.net/11583/2724445