Adding Support for Automatic Enforcement of Security Policies in NFV Networks

This paper introduces an approach towards automatic enforcement of security policies in fv networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the Network Security Functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step towards a security policy aware NFV management, orchestration, and resource allocation system - a paradigm shift for the management of virtualized networks - and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks.

Adding Support for Automatic Enforcement of Security Policies in NFV Networks / Basile, Cataldo; Valenza, Fulvio; Lioy, Antonio; Lopez, Diego R.; Pastor Perales, Antonio. - In: IEEE-ACM TRANSACTIONS ON NETWORKING. - ISSN 1063-6692. - STAMPA. - 27:2(2019), pp. 707-720. [10.1109/TNET.2019.2895278]

SFX
Titolo: Adding Support for Automatic Enforcement of Security Policies in NFV Networks
Autori: 
BASILE, CATALDO
VALENZA, FULVIO
LIOY, ANTONIO
mostra contributor esterni 
Data di pubblicazione: 2019
Rivista: 
IEEE-ACM TRANSACTIONS ON NETWORKING  
Digital Object Identifier (DOI): http://dx.doi.org/10.1109/TNET.2019.2895278
Appare nelle tipologie:1.1 Articolo in rivista

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf Pre-print (authors' version)2. Post-print / Author's Accepted ManuscriptPUBBLICO - Tutti i diritti riservatiVisibile a tuttiVisualizza/Apri
08637976.pdf 2a Post-print versione editoriale / Version of RecordNon Pubblico - Accesso privato/ristrettoAdministrator   Richiedi una copia
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11583/2724445
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2022