A Framework for Enabling Security Services Collaboration Across Multiple Domains

Migault, Daniel; Simplício, Marcos A.; Barros, Bruno M.; Pourzandi, Makan; Almeida, Thiago R. M.; Andrade, Ewerton R.; Carvalho, Tereza Cristina Melo de Brito

doi:10.1109/icdcs.2017.67

Cited by 12 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[137] Concise binary object representation (CBOR) is paper reports instantiated architecture for verification and secure measurement of dynamic runtime information for Linux-based OS. [138] Multidomain networks…”

Section: ]mentioning

confidence: 99%

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao

Nazir

Khan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Software component plays a significant role in the functionality of software systems. Component of software is the existing and reusable parts of a software system that is formerly debugged, confirmed, and practiced. The use of such components in a newly developed software system can save effort, time, and many resources. Due to the practice of using components for new developments, security is one of the major concerns for researchers to tackle. Security of software components can save the software from the harm of illegal access and damages of its contents. Several existing approaches are available to solve the issues of security of components from different perspectives in general while security evaluation is specific. A detailed report of the existing approaches and techniques used for security purposes is needed for the researchers to know about the approaches. In order to tackle this issue, the current research presents a systematic literature review (SLR) of the present approaches used for assessing the security of software components in the literature by practitioners to protect software systems for the Internet of Things (IoT). The study searches the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The proposed study will benefit practitioners and researchers in support of the report and devise novel algorithms, techniques, and solutions for effective evaluation of the security of software components.

show abstract

Section: ]mentioning

confidence: 99%

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao

Nazir

Khan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In their study, Martin‐Perez et al 25 proposed the improved heuristic algorithms to map the SFC in federated multi‐domain scenarios satisfying imposed restrictions in terms of resource sharing. In their study, Migault et al 26 proposed a collaborative SFC deployment framework to support both inter‐domain and intra‐domain collaboration among security SFCs, allowing security VNFs from different domains to negotiate and dynamically control the amount of resources dedicated to collaboration. In their study, by leveraging data analytics, Chen et al 27 proposed a knowledge‐based autonomous service provisioning framework for multi‐domain elastic optical networks to achieve the autonomy of each management domain.…”

Section: The State Of the Art Of Multi‐domain Sfc Deploymentmentioning

confidence: 99%

The intelligent multi‐domain service function chain deployment: Architecture, challenges and solutions

Zhang

Wang

Dong

et al. 2020

Int J Communication

View full text Add to dashboard Cite

Network function virtualization (NFV) technology achieves flexible service deployment by replacing the middleboxes with virtual network functions (VNFs). In NFV, a set of VNFs are chained in a given order, called service function chain (SFC), and accordingly, data flow is steered to traverse all the VNFs in order to offer a service. With a large number of network devices and end users being connected into Internet, there is a growing demand for largescale multi-domain networks to dynamically deploy the SFC across multiple network domains, in order to support efficient service provisioning. To this end, in this paper, we first investigate the state of the art of multi-domain SFC deployment, and then propose an intelligent multi-domain SFC deployment (IMSD) architecture by leveraging software-defined networking (SDN), NFV, and deep learning technologies. Furthermore, we discuss the potential challenges to realize the IMSD and provide some promising solutions. K E Y W O R D S deep learning, multi-domain networks, SDN, SFC deployment 1 | INTRODUCTION Recently, a great variety of middleboxes have been designed to efficiently provide various network services. 1 However, the service provisioning method is not flexible and leads to large capital expenditure (CAPEX) and operational expenditure (OPEX) since the middleboxes are heavily dependent on specific hardware devices. Fortunately, the emergence of network function virtualization (NFV) technology provides a promising solution to address the issues. NFV decouples network functions from hardware devices and implements them in software, called virtual network functions (VNFs). 2,3 Unlike the middleboxes, the VNFs can be flexibly deployed in the commercial-off-the-shelf devices. NFV

show abstract

“…In the IP domain, the need for modeling, evaluation, and analyses of the security services resulted in conceptual models for support and integration of security service in the cloud [15]. These efforts led to the exploration of a cooperative security service chaining model in multi-domain environments, in which administrative domains negotiate the service duration and resource dedication for a "best-effort" cooperation [16]. In the industry domain, Netflix is one of the pioneers of transforming its monolithic application to a microservice architecture hosted on Amazon Cloud [17].…”

Section: Related Workmentioning

confidence: 99%

Towards security-as-a-service in multi-access edge

Tourani

Bos

Misra

et al. 2019

Proceedings of the 4th ACM/IEEE Symposium on Edge Computing

View full text Add to dashboard Cite

The prevailing network security measures are often implemented on proprietary appliances that are deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for industry 4.0, which are provoked by the evolution of connected and smart devices, their heterogeneity, and integration with cloud and edge computing infrastructures. To loosen these rigid security deployments, in this paper, we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services at the Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices along with the design and implementation of a proof of concept communication anonymization application.

show abstract

A Framework for Enabling Security Services Collaboration Across Multiple Domains

Cited by 12 publications

References 27 publications

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

The intelligent multi‐domain service function chain deployment: Architecture, challenges and solutions

Towards security-as-a-service in multi-access edge

Contact Info

Product

Resources

About