Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

Network operators are currently very cautious about deploying new network equipment. They do so only if the new networking solution is fully monitored, secured and can provide rapid revenue (a short return on investment). For example, the NDN (Named Data Networking) solution is acknowledged as promising but still uncertain, which makes network operators reluctant to deploy it. A flexible environment would allow network operators to initiate the deployment of new network solutions at low cost and low risk. Virtualization techniques, which appeared a few years ago, can help to provide such a flexible networking architecture. However, they bring monitoring and security issues that must be solved. In this paper, we present our secure virtualized networking environment for deploying new functions and protocol stacks in the network, with a specific focus on the NDN use case as one of the potential Future Internet technologies. Since monitoring and security are strong requirements for a network operator, we then focus on these two components, highlighting where and how they can be deployed and used. Finally, we introduce our preliminary evaluation, with a focus on security, before presenting the testbed, involving end users consuming real content, that we will set up to assess our approach.