Optimal Placement of Virtual Security Functions to Minimize Energy Consumption

Demirci, Sedef; Demirci, Mehmet; Sağıroğlu, Şeref

doi:10.1109/isncc.2018.8530989

Cited by 4 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The impact on the network traffic caused by concurrent VSNFs running on the same node are estimated with Eq. (13) and (15). These values of γ u have been used to perform the evaluation tests described in the remainder of this section, with the aim of enabling interested readers to replicate the experiments in similar conditions.…”

Section: A Test Configurationmentioning

confidence: 96%

“…As formalized in Eq. (13), this latency is a function of the residual computing capacity of the node i where u is placed, the computing requirements γ u of the VSNF, the average packet size σ c of chain c and the traffic load of the chain (whose upper bound is β c ). Finally, a VSNF is characterized by its operational mode (either stateless or stateful) and by the identifier of a region in the physical network where it must be placed, if required by the TSP security policies.…”

Section: Pessmentioning

confidence: 99%

“…Each time a chain c ∈ C becomes operational, the algorithm computes γ c , a threshold value obtained from Eq. (12) and (13) as follows:…”

Section: The Pess Heuristic Algorithmmentioning

confidence: 99%

See 2 more Smart Citations

Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

Doriguzzi-Corin

Scott-Hayward

Siracusa

et al. 2020

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

A promising area of application for Network Function Virtualization is in network security, where chains of Virtual Security Network Functions (VSNFs), i.e., security-specific virtual functions such as firewalls or Intrusion Prevention Systems, can be dynamically created and configured to inspect, filter or monitor the network traffic. However, the traffic handled by VSNFs could be sensitive to specific network requirements, such as minimum bandwidth or maximum end-to-end latency. Therefore, the decision on which VSNFs should apply for a given application, where to place them and how to connect them, should take such requirements into consideration. Otherwise, security services could affect the quality of service experienced by customers.In this paper we propose PESS (Progressive Embedding of Security Services), a solution to efficiently deploy chains of virtualised security functions based on the security requirements of individual applications and operators' policies, while optimizing resource utilization. We provide the PESS mathematical model and heuristic solution.Simulation results show that, compared to state-of-the-art application-agnostic VSNF provisioning models, PESS reduces computational resource utilization by up to 50%, in different network scenarios. This result ultimately leads to a higher number of provisioned security services and to up to a 40% reduction in end-to-end latency of application traffic.

show abstract

Section: A Test Configurationmentioning

confidence: 96%

Section: Pessmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

Doriguzzi-Corin

Scott-Hayward

Siracusa

et al. 2020

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…One of the most important factors affecting the network operating cost is energy consumption of the servers. To address this issue, an energy-aware virtual security function placement model is presented in [63]. This study aims to place virtual security functions at optimum locations while minimizing server energy consumption.…”

Section: Minimizing Opexmentioning

confidence: 99%

“…Additionally, they aim to provide good solutions in terms of performance, delay, and scalability [7,18,21,31,62,[64][65][66]. Unlike others, an energy-aware virtual security function placement model is addressed in [63], which reduces the energy consumption significantly while providing security at the desired level. However, we have not come across any study on optimal placement of virtual security functions in a software defined network optimizing resilience, fault tolerance, and robustness etc.…”

Section: Challenge 3: Different Operational Objectivesmentioning

confidence: 99%

Virtual Security Functions and Their Placement in Software Defined Networks: A Survey

Demirci

Sağıroğlu

2019

Gazi University Journal of Science

Self Cite

View full text Add to dashboard Cite

Highlights• We categorize virtual network security functions according to their types.• We classify the studies on the optimal placement of virtual security functions in SDN. • We identify important research challenges in the area of virtual security function placement. • We propose promising future directions for virtual security function placement. Article Info AbstractSoftware Defined Networking (SDN) and Network Functions Virtualization (NFV) are two important technologies gaining prominence thanks to their benefits for improving the flexibility and cost efficiency in networks. These technologies have been utilized extensively for providing new age security solutions in recent years. Through the use of SDN and NFV, network security functions are virtualized and deployed in a hardware-independent manner, thus reducing costs as well as enabling faster innovations and developments. Functions virtualized with NFV such as firewall, deep packet inspection, intrusion detection systems etc. can reside as applications in the SDN architecture. The issue of where to place these functions in the network is an important problem discussed in the literature. When placing these functions, objectives such as efficient use of network resources, energy consumption, cost, network load, delay etc. must be considered for each function, in addition to ensuring that network security requirements are met. This paper provides a critical survey on the placement of virtualized network security functions in software defined networks and identifies open problems in this field. We briefly describe SDN and NFV technologies, touch upon the relationship between them, exemplify and review the most common virtual security functions in SDN. We also examine and compare the studies on the optimal placement of virtual security functions. Finally, we identify several open research challenges in this area and suggest potential future directions to be considered by researchers. Keywords SDN NFV VNF placement Network securityEven though SDN and NFV are two nascent technologies coming from different sources as explained in Section 2 and can be implemented independently, they complement each other very well and can attain their full potential when they coexist, because both of them follow the basic principles of network agility, cost efficiency and defining network behavior with software. Therefore, when these technologies are used together, network control logic is abstracted from the forwarding mechanism and network functions are implemented as virtualized software [5].Information security is one of the most significant challenges for SDN, as in all areas of technology. In a network structured with SDN and NFV technologies, security can be provided by virtualized security functions such as intrusion detection/prevention systems (IDS/IPS), deep packet inspection (DPI), firewall etc. [6]. The issue of where to place these functions in a network is a new and important problem faced by network operators. When determining the locations of these functions, s...

show abstract

Experimental Study on Resource Allocation for a Software-Defined Network-Based Virtualized Security Functions Platform

Uwanpriya

Rankothge

Gamage

et al. 2022

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Optimal Placement of Virtual Security Functions to Minimize Energy Consumption

Cited by 4 publications

References 10 publications

Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

Dynamic and Application-Aware Provisioning of Chained Virtual Security Network Functions

Virtual Security Functions and Their Placement in Software Defined Networks: A Survey

Experimental Study on Resource Allocation for a Software-Defined Network-Based Virtualized Security Functions Platform

Contact Info

Product

Resources

About