Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach / Settanni, Francesco; Zamponi, Alessandro; Basile, Cataldo. - PRINT. - (2024), pp. 321-328. (Paper presented at the 2024 IEEE International Conference on Cyber Security and Resilience (CSR), held in London (UK), 02-04 September 2024) [10.1109/csr61664.2024.10679397].

Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach

Settanni, Francesco; Zamponi, Alessandro; Basile, Cataldo
2024

Abstract

This paper presents a methodology for automating network management and security enforcement in cloud-native environments through an intent-based approach. Intents allow for the specification of security requirements and precise enforcement details, such as security controls. Moreover, they enable defining changes to the networking environment and additional requirements to react to security-relevant events. A refinement process completes enforcement decisions when details are left unspecified, including the security controls to use and the network layout, and then generates the security controls' configurations. An automated framework deploys the desired chains in software networks orchestrated with Kubernetes and configures the involved security controls thanks to a Network Service Mesh-based operator. The approach has been validated in realistic use cases and proved scalable and helpful in simplifying administrator tasks and reducing errors.
ISBN: 979-8-3503-7536-7
Files in this item:
Dynamic_Security_Provisioning_for_Cloud-Native_Networks_An_Intent-Based_Approach.pdf

Not available

Type: 2a Post-print, publisher's version / Version of Record
License: Not public - private/restricted access
Size: 271 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2993058