Paper Info
Title
Adding Support for Automatic Enforcement of Security Policies in NFV Networks
Abstract
This paper introduces an approach toward the automatic enforcement of security policies in network functions virtualization (NFV) networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the network security functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step toward a security policy aware NFV management, orchestration, and resource allocation system—a paradigm shift for the management of virtualized networks—and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks.
Year
DOI
Venue
2019
10.1109/TNET.2019.2895278
IEEE/ACM Transactions on Networking
Keywords
Field
DocType
Security,Adaptation models,Optimization,IEEE transactions,Communication networks,Virtual private networks,Resource management
Resource management,Telecommunications network,Computer science,Paradigm shift,Network security,Resource allocation,Enforcement,Security policy,Orchestration (computing),Distributed computing
Journal
Volume
Issue
ISSN
27
2
1063-6692
Citations 
PageRank 
References 
6
0.64
0
Authors
5
Name
Order
Citations
PageRank
Cataldo Basile111414.90
Fulvio Valenza25411.17
Antonio Lioy344453.41
Diego R. Lopez482.15
Antonio Pastor Perales560.64