Automated Security Management for Virtual Services

The virtualization of applications and network functions makes it possible to create compound services dynamically, automating both the provisioning of computing, networking and storage resources and their life-cycle management. Virtualizing security appliances is the usual way to protect such services, but an appliance only sees the traffic that is steered through it, so this approach can offer neither broad visibility across the whole deployed service nor coordinated, fine-grained enforcement actions. This paper proposes a novel security framework that embeds lightweight, programmable monitoring and enforcement hooks in each virtual function; the hooks are collectively controlled by a common logic for prevention, detection, reaction, and mitigation of security threats. The framework keeps direct control over what the security hooks monitor and enforce, and relies on standard orchestration tools for management actions on the service graph. It can be instantiated automatically by ordinary orchestration operations, and therefore integrates seamlessly with the deployment process of service graphs.
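The following model makes the architectural point of the abstract concrete: a small hook embedded in every function of a service graph, a common controller that correlates what all hooks report and pushes one coordinated enforcement action, and a `deploy()` step that plays the role of the orchestrator attaching a hook to each function. This is an added illustration, not code from the paper or its authors; the service graph (`fw`, `web`, `app`, `db`), the hook API, the `conn_refused` event kind, the correlation rule (a source refused by at least `threshold` distinct functions) and the sample addresses are all assumptions made for the example.

```python
"""Toy model of per-function security hooks under one common control logic.

Added example, not the paper's code. Service graph, hook API, event kind,
detection rule and sample addresses are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    vnf: str    # name of the virtual function whose hook observed it
    src: str    # source address of the observed flow
    kind: str   # event class the hook was programmed to report


class Hook:
    """Lightweight monitoring/enforcement hook embedded in one virtual function.
    It reports only the event kinds the controller programmed into it and
    holds the local enforcement state (here a simple block-list)."""

    def __init__(self, vnf: str) -> None:
        self.vnf = vnf
        self.wanted: set[str] = set()    # event kinds to report upstream
        self.buffer: list[Event] = []    # pending monitoring reports
        self.blocked: set[str] = set()   # enforcement state

    def program(self, kind: str) -> None:
        self.wanted.add(kind)

    def observe(self, src: str, kind: str) -> None:
        if src in self.blocked:
            return                       # dropped locally, nothing to report
        if kind in self.wanted:
            self.buffer.append(Event(self.vnf, src, kind))

    def drain(self) -> list[Event]:
        reports, self.buffer = self.buffer, []
        return reports

    def block(self, src: str) -> None:
        self.blocked.add(src)


class Controller:
    """Common logic over all hooks of one service graph: correlate reports
    across functions, decide, and push one coordinated enforcement action."""

    def __init__(self, hooks: list[Hook], threshold: int) -> None:
        self.hooks = hooks
        self.threshold = threshold
        for h in hooks:
            h.program("conn_refused")    # assumed event kind

    def cycle(self) -> list[str]:
        # Which distinct functions saw refused connections from each source?
        seen_by: dict[str, set[str]] = defaultdict(set)
        for h in self.hooks:
            for ev in h.drain():
                seen_by[ev.src].add(ev.vnf)
        offenders = sorted(s for s, v in seen_by.items() if len(v) >= self.threshold)
        for src in offenders:
            for h in self.hooks:         # every function, even ones that saw nothing
                h.block(src)
        return offenders


def deploy(service_graph: list[str], threshold: int = 2) -> tuple[dict[str, Hook], Controller]:
    """Stand-in for the orchestrator: one hook per function in the graph,
    all wired to a single controller."""
    hooks = {name: Hook(name) for name in service_graph}
    return hooks, Controller(list(hooks.values()), threshold)


def run_demo() -> dict:
    hooks, ctl = deploy(["fw", "web", "app", "db"])
    # Constructed sample traffic: 10.0.0.9 probes two different functions, once
    # each; 10.0.0.5 is a legitimate client with a single refused connection.
    hooks["web"].observe("10.0.0.9", "conn_refused")
    hooks["app"].observe("10.0.0.9", "conn_refused")
    hooks["web"].observe("10.0.0.5", "conn_refused")
    offenders = ctl.cycle()
    # A later probe against a function that never saw the attacker is dropped
    # at that function's hook, because enforcement was pushed graph-wide.
    hooks["db"].observe("10.0.0.9", "conn_refused")
    return {
        "offenders": offenders,
        "blocked_on": sorted(n for n, h in hooks.items() if "10.0.0.9" in h.blocked),
        "client_blocked": any("10.0.0.5" in h.blocked for h in hooks.values()),
        "db_reports_after_block": len(hooks["db"].drain()),
    }


if __name__ == "__main__":
    print(run_demo())
```

Each hook saw 10.0.0.9 only once, which is below the threshold of 2, so a per-function appliance applying the same rule in isolation would flag nothing; only the controller, which sees reports from every hook, can correlate the two probes, and it blocks the source on all four functions in one action rather than on the two that observed it.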
