Automated Security Management for Virtual Services

2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN) Pub Date : 2019-11-01 DOI:10.1109/NFV-SDN47374.2019.9040069

M. Repetto, A. Carrega, Jalolliddin Yusupov, Fulvio Valenza, Fulvio Risso, G. Lamanna

{"title":"Automated Security Management for Virtual Services","authors":"M. Repetto, A. Carrega, Jalolliddin Yusupov, Fulvio Valenza, Fulvio Risso, G. Lamanna","doi":"10.1109/NFV-SDN47374.2019.9040069","DOIUrl":null,"url":null,"abstract":"The virtualization of applications and network functions facilitates the dynamic creation of compound services, automating both the provisioning of computing/networking/storage resources and their life-cycle management. Virtualization of security appliances is a common approach to protect such services, but can neither offer broad visibility across the whole deployed service nor implement coordinated and fine-grained enforcement actions. This paper proposes a novel security framework based on the integration of lightweight and programmable monitoring and enforcement hooks in each virtual function, which are collectively controlled by a common logic for prevention, detection, reaction, and mitigation of security threats. Our framework keeps direct control over the functionalities of the security hooks, and leverages standard orchestration tools for management actions on the service graph. It can be automatically instantiated by common orchestration operations, hence seamlessly integrating with the deployment process of service graphs.","PeriodicalId":394933,"journal":{"name":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NFV-SDN47374.2019.9040069","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The virtualization of applications and network functions facilitates the dynamic creation of compound services, automating both the provisioning of computing/networking/storage resources and their life-cycle management. Virtualization of security appliances is a common approach to protect such services, but can neither offer broad visibility across the whole deployed service nor implement coordinated and fine-grained enforcement actions. This paper proposes a novel security framework based on the integration of lightweight and programmable monitoring and enforcement hooks in each virtual function, which are collectively controlled by a common logic for prevention, detection, reaction, and mitigation of security threats. Our framework keeps direct control over the functionalities of the security hooks, and leverages standard orchestration tools for management actions on the service graph. It can be automatically instantiated by common orchestration operations, hence seamlessly integrating with the deployment process of service graphs.

查看原文本刊更多论文

虚拟服务的自动安全管理

应用程序和网络功能的虚拟化促进了复合服务的动态创建，自动化了计算/网络/存储资源的供应及其生命周期管理。安全设备的虚拟化是保护此类服务的常用方法，但既不能提供跨整个部署服务的广泛可见性，也不能实现协调和细粒度的强制操作。本文提出了一种新的安全框架，该框架基于在每个虚拟功能中集成轻量级和可编程的监视和执行钩子，这些钩子由一个通用逻辑共同控制，用于预防、检测、反应和减轻安全威胁。我们的框架直接控制安全钩子的功能，并利用标准的编排工具来管理服务图上的操作。它可以通过公共编排操作自动实例化，从而与服务图的部署过程无缝集成。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)

自引率

0.00%

发文量