
Towards the Dynamic Provision of Virtualized Security Services

  • Conference paper
  • In: Cyber Security and Privacy (CSP 2015)
  • Part of the book series: Communications in Computer and Information Science (CCIS, volume 530)

Abstract

Network operators face several limitations in terms of infrastructure management and costs when trying to offer security services to a large number of customers with current technologies. The Network Functions Virtualization and Software-Defined Networks paradigms try to overcome these limitations by allowing more flexibility, configurability and agility. Unfortunately, deciding which security services to use, where to place them and how to configure them is a multi-dimensional problem that has no easy solution. This paper provides a model that can be used to determine the best allocation for the security applications needed to satisfy the user requirements while minimizing the cost for the network operator, subject to the different constraints expressed by the involved actors. This model can be exploited to perform an initial dimensioning and set-up of the system infrastructure or to dynamically adapt it to support the user security policies. Initial validation shows that allocations generated with our model have considerable advantages in terms of costs and performance compared to traditional approaches.

Acknowledgment

The research described in this paper is part of the SECURED project, co-funded by the European Commission (FP7 grant agreement no. 611458).

Correspondence to Fulvio Valenza.

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Basile, C., Pitscheider, C., Risso, F., Valenza, F., Vallini, M. (2015). Towards the Dynamic Provision of Virtualized Security Services. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2015. Communications in Computer and Information Science, vol 530. Springer, Cham. https://doi.org/10.1007/978-3-319-25360-2_6

  • DOI: https://doi.org/10.1007/978-3-319-25360-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25359-6

  • Online ISBN: 978-3-319-25360-2

  • eBook Packages: Computer Science (R0)
