Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach / Settanni, Francesco; Zamponi, Alessandro; Basile, Cataldo. - PRINT. - (2024), pp. 321-328. (Paper presented at the 2024 IEEE International Conference on Cyber Security and Resilience (CSR), held in London (UK), 02-04 September 2024) [10.1109/csr61664.2024.10679397].
Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach
Settanni, Francesco; Zamponi, Alessandro; Basile, Cataldo
2024
Abstract
This paper presents a methodology for automating network management and security enforcement in cloud-native environments through an intent-based approach. Intents allow for the specification of security requirements and precise enforcement details, such as security controls. Moreover, they enable defining changes to the networking environment and additional requirements to react to security-relevant events. A refinement process completes enforcement decisions when details are left unspecified, including the security controls to use and the network layout, and then generates the security controls' configurations. An automated framework deploys the desired chains in software networks orchestrated with Kubernetes and configures the involved security controls thanks to a Network Service Mesh-based operator. The approach has been validated in realistic use cases and proved scalable and helpful in simplifying administrator tasks and reducing errors.

File | Type | License | Size | Format |
---|---|---|---|---|
Dynamic_Security_Provisioning_for_Cloud-Native_Networks_An_Intent-Based_Approach.pdf (not available) | 2a Post-print, publisher's version / Version of Record | Not public - private/restricted access | 271 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2993058