A New Approach for Delivering Customized Security Everywhere: Security Service Chain

Liu, Yi; Zhang, Hongqi; Liu, Jiang; Yang, Yan

doi:10.1155/2017/9534754

Cited by 7 publications

(10 citation statements)

References 30 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Namely, the authors of [13] tackled the problem of efficient Security Service Chain (SSC) deployment. A SSC is an ordered set of security functions composing a logical security service.…”

Section: Related Workmentioning

confidence: 99%

Designing Security-Aware Service Requests for NFV-Enabled Networks

Jmila

Blanc

2019

2019 28th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

Network Function Virtualization (NFV) is a new concept where virtualization is used to shift "network functions" (e.g., routers, switches, load-balancers, proxies) from specialized hardware appliances to software images running on high volume servers. The resource allocation problem in the NFV environment has received considerable attention in the past years. However, little attention was paid to the security aspects of the problem in spite of the increasing number of vulnerabilities faced by cloudbased applications. Securing the services is an urgent need to completely benefit from the advantages offered by NFV. In this paper, we show how a network service request, composed of a set of service function chains (SFC) should be modified and enriched to take into consideration the security requirements of the supported service. We examine the well-known security best practices and propose a two-step algorithm that extends the initial SFC requests to a more complex chaining model that includes the security requirements of the service.

show abstract

“…Namely, the authors of [13] tackled the problem of efficient Security Service Chain (SSC) deployment. A SSC is an ordered set of security functions composing a logical security service.…”

Section: Related Workmentioning

confidence: 99%

Designing Security-Aware Service Requests for NFV-Enabled Networks

Jmila

Blanc

2019

2019 28th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

show abstract

“…To further demonstrate the effectivity of the proposed PSO algorithm, we compare our proposed algorithm with three other algorithms, and the compared approaches are all implemented in MATLAB. Since our proposed PSO algorithm consists of three parts, i.e., k-Dijkstra algorithm, the security level selection algorithm and the VSNF embedding algorithm, we combine some previous classical algorithms (e.g., greedy biased approaches [22], tabu search (TS)-based approach [32]) to generate the other three algorithms. The details are as follows.…”

Section: B Results and Discussionmentioning

confidence: 99%

“…The authors also demonstrate the effectivity the novel architecture. Liu et al [32] propose an SDN/NFV-enabled SSC orchestration architecture. Based on the architecture, the authors further present a meta-heuristic-based Tabu search algorithm, which aims to minimize the end-to-end delay and security resource cost.…”

Section: Security-driven Sfc Resource Allocationmentioning

confidence: 99%

“…Towards the end of the simulation (at approximately 100 SSC requests) in Fig.10(a), the algorithm run time of the ILP's solution is 92115.6 ms, the run time of the proposed PSO algorithm is 174.1 ms, the run time of the TS algorithm is 273.6 ms, and the run time of the GFP algorithm is 686.9 ms. The run time of the TS algorithm is mainly determined by the length of SSC || and the number of the substrate node || s , which performs the details, refer to[32]), where λ is the length of the Tabu list. Then, based on the ILP model for SSC-DMP, both Boolean variables and nonlinear constraints in the model are interactable for the large-scale network scenarios, with the computational complexity of…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Novel Method for Resource Efficient Security Service Chain Embedding Oriented to Cloud Datacenter Networks

Qiao

Liu

et al. 2021

IEEE Access

View full text Add to dashboard Cite

An important and promising application for the network function virtualization (NFV) technology is in network security, where can dynamically and flexibly accomplish the chaining virtualized security network functions (VSNFs), e.g., network address translation, antispam and packet filter firewall, etc., and thus inspect, monitor or filter traffic flows in the cloud datacenter networks. However, the traffic flows addressed by the VSNFs mainly depend on the security service requirements from mobile users, such as the network security level, end-to-end latency, and security resource, etc. Considering the dynamic nature of cloud datacenter networks, determining the embedding of VSNFs and routing security service paths that optimizes the security resource utilization is a challenging problem, particularly without violating the end-to-end delay constraints and security service requirements. This can also be called security service chain dynamic embedding problem (SSC-DMP). In this paper, we present an NFV-enabled framework for a system that achieves the SSC dynamic embedding in the cloud datacenter networks. We first formulate an integer linear programming (ILP) model to solve the SSC-DMP exactly in small-scale network topology. Then, in order to reduce the time complexity when applying the large-scale network topology, we propose an efficient SSC dynamic embedding solution that is based on the particle swarm optimization. Extensive simulation results show that the proposed algorithm could significantly outperform the current benchmarks at least 35.2% and 23.1% in terms of resource consumption and end-to-end delay, respectively.

show abstract

“…Literatürdeki çalışmalarda, VNSF yerleştirme problemi için [3,7] çoğunlukla, yerleştirilen VNSF sayısı [8][9][10], bant genişliği [11][12][13] ve linklerin sayısı [14][15][16] gibi parametrelerin bir kombinasyonu olarak tanımlanan maliyetin [16][17][18] en aza indirgenmesi hedeflenmiştir. Fakat VNSF yerleştirme probleminde ele alınması gereken en önemli operasyonel amaçlardan biri, ağdaki enerji tüketiminin minimize edilmesidir.…”

Section: Gi̇ri̇ş (Introduction)unclassified

SDN/NFV tabanlı 5G ağlarında enerji-etkin güvenlik yönetimi ve trafik yönlendirme için kontrolcü tasarımı ve değerlendirmesi

Gündüz

Sağıroğlu

2021

Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi

View full text Add to dashboard Cite

Yazılım Tanımlı Ağlar (SDN) ve Ağ Fonksiyonlarını Sanallaştırma (NFV) tabanlı 5G ağlarında güvenlik; saldırı tespit sistemi ve güvenlik duvarı gibi güvenlik fonksiyonlarının NFV ile sanallaştırılması ve birer yazılım haline getirilerek SDN mimarisindeki genel amaçlı sunucular üzerinde çalıştırılması ile sağlanmaktadır. 5G ağlarında, sanal ağ güvenliği fonksiyonları (VNSF) tarafından işlenen trafik akışlarının farklı güvenlik gereksinimleri olabilmektedir. Öte yandan her ağda, güvenlik sağlanırken göz önünde bulundurulması gereken ve ağın ihtiyaçlarına göre farklılık gösteren bir takım operasyonel amaçlar (maliyetin ez aza indirgenmesi, yük dengeleme yapılması vb.) vardır. Bu nedenle, ağın güvenlik gereksinimlerini ve operasyonel amaçlarını göz önünde bulundurarak VNSF’lerin yerleştirilmesi ele alınması gereken önemli bir problemdir. Bu doğrultuda, bu çalışma kapsamında, trafik akışı bazında güvenlik gereksinimleri göz önünde bulundurularak, VNSF’lerin enerji etkin bir biçimde yerleştirilmesi ve trafiğin ihtiyaçları doğrultusunda bu fonksiyonlar üzerinden yönlendirilmesi amaçlanmıştır. Bu amaçla, enerji tüketimini en aza indirgemeyi hedefleyen bir sezgisel algoritma önerilmiştir. Ayrıca, geliştirilen yaklaşımın SDN tabanlı 5G altyapısında uygulanabilirliğini göstermek için sezgisel algoritmanın aldığı kararlar doğrultusunda ağa gelen trafik akışlarını yönlendiren yeni bir SDN kontrolcüsü geliştirilmiştir. Sonuç olarak, geliştirilen algoritmanın, enerji tüketimini %48’e kadar azalttığı ve geliştirilen SDN kontrolcüsünün ağa gelen trafiği toplam bant genişliği, uçtan uca gecikme ve paket kayıp oranı gibi hizmet kalitesi parametreleri açısından etkin bir şekilde yönlendirebildiği görülmüştür.

show abstract

A New Approach for Delivering Customized Security Everywhere: Security Service Chain

Cited by 7 publications

References 30 publications

Designing Security-Aware Service Requests for NFV-Enabled Networks

Designing Security-Aware Service Requests for NFV-Enabled Networks

A Novel Method for Resource Efficient Security Service Chain Embedding Oriented to Cloud Datacenter Networks

SDN/NFV tabanlı 5G ağlarında enerji-etkin güvenlik yönetimi ve trafik yönlendirme için kontrolcü tasarımı ve değerlendirmesi

Contact Info

Product

Resources

About