A Software-Defined Security Strategy for Supporting Autonomic Security Enforcement in Distributed Cloud

Compastié, Maxime; Badonnel, Rémi; Festor, Olivier; He, Ruichun; Kassi-Lahlou, Mohamed

doi:10.1109/cloudcom.2016.0079

Cited by 8 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Also, the visibility and semi-automated deployment features to cope with the increasing scale of distributed clusters are not clearly proposed in the work. On the other hand, SDSec [13] proposes a hierarchical architecture with protocols to effectively manage security rules across multisite edge-boxes. Even though this work has similar focuses in managing rules of security functions, its targets are limited to physical and virtual boxes.…”

Section: B Related Work On Securing Multi-site Edge Clustersmentioning

confidence: 99%

“…Meanwhile, many novel security schemes for detection accuracy and management effectiveness have been proposed [9]- [13]. Some of the suggested schemes are touching the use of edge as defense belts for a centralized cloud by mitigating DDoS (distributed denial of service) attack or proactive ML (machine learning)-based IDS (intruder detection system).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SmartX Multi-Sec: A Visibility-Centric Multi-Tiered Security Framework for Multi-Site Cloud-Native Edge Clusters

Shin¹,

Kim

2021

IEEE Access

View full text Add to dashboard Cite

Recently, to match the emerging demands for multi-site edge clouds, the cloud-based information and communication technology (ICT) infrastructure is rapidly expanding. To protect distributed edge-based cloud assets from networking-based threats by recognizing suspicious traffic, cloud operators should monitor the overall underlying topology to categorize and identify diversified networking packet traffic, flowing through various paths among virtualized and containerized cloud nodes. Perimeter-based networking security, which employs security appliances in fixed locations, cannot address this visibility challenge. As a result, in this paper, we propose the SmartX Multi-tier Security (Multi-Sec) framework, which aims to provide intuitive and systematic visibility for multi-site edge-cloud security. SmartX Multi-Sec abstracts the underlying networking topology among multi-site edge clusters as multiple onion-ringbased tiers of physical, virtualized, and containerized cloud nodes. It also provides collective DevSecOps automation features for monitoring, visualizing, and filtering targeted networking traffic from the respective tiers of the abstracted networking topology. The resulting flow-centric visibility using SmartX Multi-Sec can be featured with extended Berkeley Packet Filter and eXpress Data Path (eBPF/XDP)-leveraged lightweight flow capture and filtering, three-dimensional onion-ring visualization, and automated deployment of DevSecOps functions. By integrating these features, the Proof-of-Concept (PoC)-version of the SmartX Multi-Sec framework is realized to verify the flexible and scalable flow-centric security for multi-site cloudnative edge clouds.INDEX TERMS automated function deployment, lightweight flow capture and filtering, multi-site cloudnative edge clouds, security-oriented flow-centric visibility, three-dimensional visualization

show abstract

Section: B Related Work On Securing Multi-site Edge Clustersmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

SmartX Multi-Sec: A Visibility-Centric Multi-Tiered Security Framework for Multi-Site Cloud-Native Edge Clusters

Shin¹,

Kim

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In accordance with [3] where we give the basement of our software-defined security approach, the autonomic paradigm is tied to endorse the continuous security policy enforcement able to cope with the changes occurring on the security policy, the tenant configuration and the protected resource state. We extend our previous work by detailing each components and protocols supporting our framework, and giving a critical analysis and implementation considerations based on realistic scenarios.…”

Section: Related Workmentioning

confidence: 99%

“…We have already highlighted the benefits of software-defined security for distributed cloud environments in [3]. We detail in this paper the different components and protocols of our security framework relying on software-defined and autonomic paradigms, and provides a critical analysis of the proposed solution considering a set of validation scenarios based on a realistic use case.…”

Section: Introductionmentioning

confidence: 99%

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Compastié

Badonnel

Festor

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Cloud computing provides new facilities for building elaborated services hosted through various infrastructures over the Internet. In the meantime, these ones pose new important challenges in terms of security due to their intrinsic nature. We propose in this paper to detail a software-defined security framework supporting the protection of these services, in the context of distributed cloud. These ones require security mechanisms able to cope with their multi-tenancy and multi-cloud properties. The foundations of this framework rely on the software-defined logic to express and propagate security policies to the considered cloud resources, and on the autonomic paradigm to dynamically configure and adjust these mechanisms to distributed cloud constraints. In particular, we describe the main components and protocols of this software-defined security framework, evaluate this one and discuss implementation considerations, through the analysis of different realistic scenarios.

show abstract

“…Typische Angriffsszenarien auf kritische Energieinfrastrukturen sind hierbei u. a. Angriffe auf Software-Lieferketten sowie die Verbreitung von Schadcode über reguläre Update-Mechanismen (Bundesamt für Sicherheit in der Informationstechnik 2022). Herkömmliche (Netzwerk-) Sicherheitsarchitekturen zum Schutz kritischer Infrastrukturen sind diesen Gegebenheiten nicht ausreichend gewachsen (Compastié et al 2016). Die meisten der entsprechend zugrunde liegenden Konzepte beruhen noch auf einer Trennung zwischen internen und externen Netzwerken, wie Buck et al (2021) erläutern.…”

unclassified

Cyber-Sicherheit für kritische Energieinfrastrukturen – Handlungsempfehlungen zur Umsetzung einer Zero-Trust-Architektur

Buck

Eymann

Jelito

et al. 2023

HMD

View full text Add to dashboard Cite

ZusammenfassungKritische Infrastrukturen – wie diejenigen der Sektoren Wasser, Energie und Ernährung – bilden die Grundlage einer funktionierenden, modernen Gesellschaft. Eine Kompromittierung dieser Infrastrukturen kann zu weitreichenden Störungen und Gefahren für Leib und Leben führen. Der Schutz sowie die Sicherstellung des Betriebs kritischer Infrastrukturen sind deshalb von entscheidender Bedeutung. Während in der Vergangenheit hauptsächlich der physische Schutz vor Angriffen im Mittelpunkt stand, entstehen durch die zunehmende Digitalisierung kritischer Infrastrukturen zusätzliche Angriffspunkte und Risiken. Im Gegensatz zu herkömmlichen Ansätzen zur Absicherung kritischer Energieinfrastrukturen kann eine Absicherung mithilfe einer Zero-Trust-Architektur die mit diesen Entwicklungen einhergehenden Anforderungen erfüllen.Aufgrund der verhältnismäßig geringen Verbreitung von Zero-Trust-Architekturen im kritischen Energieinfrastruktursektor existiert bisher allerdings nur unzureichend praxisrelevante Literatur zur Entwicklung und Implementierung einer solchen Architektur. Diese Arbeit stellt daher sowohl die Erfahrungen aus einem laufenden Entwicklungs- und Implementierungsprojekt als auch die hiervon abgeleiteten technischen und organisationalen Handlungsempfehlungen im Rahmen eines Action-Design-Forschungsansatzes vor und trägt dadurch zur Schließung dieser Forschungslücke bei.

show abstract

A Software-Defined Security Strategy for Supporting Autonomic Security Enforcement in Distributed Cloud

Cited by 8 publications

References 8 publications

SmartX Multi-Sec: A Visibility-Centric Multi-Tiered Security Framework for Multi-Site Cloud-Native Edge Clusters

SmartX Multi-Sec: A Visibility-Centric Multi-Tiered Security Framework for Multi-Site Cloud-Native Edge Clusters

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Cyber-Sicherheit für kritische Energieinfrastrukturen – Handlungsempfehlungen zur Umsetzung einer Zero-Trust-Architektur

Contact Info

Product

Resources

About