Towards Security Automation in Virtual Networks

Virtual computer networks today are characterized by high dynamism and complexity. These features make the traditional manual approaches to network security management error-prone, unoptimized and time-consuming. This paper discusses the research carried out during my Ph.D. program on network security automation. In particular, it presents an approach based on constraint programming that combines automation, formal verification, and optimization for network security management. This approach has been shown to be general enough by means of the multiple applications that have been developed with it. Specifically, this paper describes VEREFOO, a framework for the automatic configuration of security functions, and FATO, a framework for the automatic orchestration of security transients. The methodology is extensively evaluated using different metrics and tests, and it is compared to state-of-the-art solutions and to the requirements of dynamic virtual networks.
