Virtualized security at the network edge: a user-centric approach

Montero, Diego; Yannuzzi, M.; Shaw, Adrian L.; Jacquin, Ludovic; Pastor, Antonio; Serral-Gracià, R.; Lioy, Antonio; Risso, Fulvio; Basile, Cataldo; Sassu, Roberto; Nemirovsky, Mario; Ciaccia, Francesco; Georgiades, Michael; Charalambides, Savvas; Kuusijärvi, Jarkko; Bosco, Francesca

doi:10.1109/mcom.2015.7081092

Cited by 41 publications

(21 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The system architecture, including also the external infrastructure architecture [3], is easily mapped to an NFV deployment and a design compatible with the ETSI standard [4] is currently under development. The concept of the Service Graph allows for complex modeling of VNFs chaining, becoming an NFV enabler.…”

Section: Discussionmentioning

confidence: 99%

Offloading personal security applications to a secure and trusted network node

Bonafiglia

Ciaccia

Lioy

et al. 2015

Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

The current device-centric protection model against security threats has serious limitations from the final user perspective, among the other the necessity to keep each device updated with the latest security updates and the necessity to replicate all the security polices across all devices. In our model, the protection is decoupled from the users terminals and it is provided through a Trusted Virtual Domain (TVD) instantiated in future edge routers. Each TVD provides unified and homogeneous security for a single user, irrespective of the terminal employed. This paper shows a first prototype implementing this concept through a network element, called Network Edge Device, capable of running the proposed virtualized architecture and making extensive use of SDN technologies, with the aim at providing a uniform security level for the final user.

show abstract

Section: Discussionmentioning

confidence: 99%

Offloading personal security applications to a secure and trusted network node

Bonafiglia

Ciaccia

Lioy

et al. 2015

Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

show abstract

“…In the literature, the SECaaS approach has been deeply investigated in the last few years. For instance, some authors [9] proposed a "user-centric" approach for the provision of virtualised security at the network edge. In that paper, a complete framework design is shown, in which an NFV Infrastructure is used to provide security services for the end-user terminals.…”

Section: Security-as-a-service In An Nfv Environmentmentioning

confidence: 99%

Towards an Efficient Management and Orchestration Framework for Virtual Network Security Functions

Pedone

Lioy

Valenza

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The recent years have witnessed a growth in the number of users connected to computer networks, due mainly to megatrends such as Internet of Things (IoT), Industry 4.0, and Smart Grids. Simultaneously, service providers started offering vertical services related to a specific business case (e.g., automotive, banking, and e-health) requiring more and more scalability and flexibility for the infrastructures and their management. NFV and SDN technologies are a clear way forward to address these challenges even though they are still in their early stages. Security plays a central role in this scenario, mainly because it must follow the rapid evolution of computer networks and the growing number of devices. The main issue is to protect the end-user from the increasing threats, and for this reason, we propose in this paper a security framework compliant to the Security-as-a-Service paradigm. In order to implement this framework, we leverage NFV and SDN technologies, using a user-centered approach. This allows to customize the security service starting from user preferences. Another goal of our work is to highlight the main relevant challenges encountered in the design and implementation of our solution. In particular, we demonstrate how significant is to choose an efficient way to configure the Virtual Network Security Functions in terms of performance. Furthermore, we also address the nontrivial problem of Service Function Chaining in an NFV MANO platform and we show what are the main challenges with respect to this problem.

show abstract

“…Given the reduced set of security features integrated in virtualization platforms and the increasing needs for crosscloud deployments, users are generally left most of the burden for protecting their applications against external threats. Since, on first approximation, virtualization environments could be viewed as special instances of physical networks, softwarebased versions of security middleboxes may be integrated in service graph design [3], [4]. We argue that this approach comes with important limitations in the current cyber-security landscape:…”

Section: Beyond the Security Perimeter Modelmentioning

confidence: 99%

Situational Awareness in Virtual Networks: The ASTRID Approach

Carrega

Repetto

Risso

et al. 2018

2018 IEEE 7th International Conference on Cloud Networking (CloudNet)

View full text Add to dashboard Cite

Cloud-based services often follow the same logical structure of private networks. The lack of physical boundaries and the dependence on third party's infrastructural security mechanisms often undermine the confidence in the overall security level of virtualized applications. Integrating software instances of common security middleboxes into cloud networks helps overcome most suspicions, but leads to inefficient solutions.In this paper, we describe the vision behind the ASTRID project. The novelty of our concept lies in decoupling detection algorithms from monitoring and inspection tasks, seeking better integration with virtualization frameworks. We briefly elaborate on the overall conceptual architecture and the foundation of its implementation components. Additionally, we give insights on the expected impacts and opportunities brought by this novel paradigm over the existing approaches.

show abstract

Virtualized security at the network edge: a user-centric approach

Cited by 41 publications

References 7 publications

Offloading personal security applications to a secure and trusted network node

Offloading personal security applications to a secure and trusted network node

Towards an Efficient Management and Orchestration Framework for Virtual Network Security Functions

Situational Awareness in Virtual Networks: The ASTRID Approach

Contact Info

Product

Resources

About