Application-Centric provisioning of virtual security network functions

Network Function Virtualization (NFV) enables flexible implementation and provisioning of network functions as virtual machines running on commodity servers. Due to the availability of multiple hosting servers, such network functions (also called Virtual Network Functions (VNFs)) can be placed where they are actually needed, dynamically migrated, duplicated, or deleted according to the current network requirements. However, the placement of VNFs within the physical network is one of the main challenges in the NFV domain as it has a critical impact on the performance of the network. In this work we focus on efficient placement of Virtual Security Network Functions (VSNFs), i.e. the placement of virtual network functions whose purpose is to prevent or mitigate network security threats. In this regard, we tackle the placement problem not only considering performance optimization aspects, but also trying to find solutions that are consistent from the security viewpoint. Specifically, the main contribution of this paper is the formulation of the placement problem by taking into account both Security and Quality of Service (QoS) requirements of user applications.

[1]  Cataldo Basile,et al.  Towards the Dynamic Provision of Virtualized Security Services , 2015, CSP Forum.

[2]  Zhenyu Wu,et al.  Humans and Bots in Internet Chat: Measurement, Analysis, and Automated Classification , 2011, IEEE/ACM Transactions on Networking.

[3]  Hyun-Jin Lee,et al.  Optimizing resource allocation for elastic security VNFs in the SDNFV-enabled cloud computing , 2017, 2017 International Conference on Information Networking (ICOIN).

[4]  Guy Pujolle,et al.  QoS-Aware VNF Placement Optimization in Edge-Central Carrier Cloud Architecture , 2016, 2016 IEEE Global Communications Conference (GLOBECOM).

[5]  Filip De Turck,et al.  Network Function Virtualization: State-of-the-Art and Research Challenges , 2015, IEEE Communications Surveys & Tutorials.

[6]  Nicola Mazzocca,et al.  The dynamic placement of virtual network functions , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[7]  Otto Carlos Muniz Bandeira Duarte,et al.  Orchestrating Virtualized Network Functions , 2015, IEEE Transactions on Network and Service Management.

[8]  Wolfgang Kellerer,et al.  QoS-driven function placement reducing expenditures in NFV deployments , 2017, 2017 IEEE International Conference on Communications (ICC).

[9]  Brian Randell,et al.  A systematic classification of cheating in online games , 2005, NetGames '05.

[10]  Mohamed Cheriet,et al.  Efficient Provisioning of Security Service Function Chaining Using Network Security Defense Patterns , 2019, IEEE Transactions on Services Computing.

[11]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[12]  Hongxin Hu,et al.  Dynamic Defense Provision via Network Functions Virtualization , 2017, SDN-NFV@CODASPY.