Security Implications, Issues and Approaches in Programmable Networks
M Repetto
2020
Abstract
The emerging trend in network softwarization has led to a programmable networking architecture that improves the traditional control of network systems from hardware-based configurations to a fully-softwarized approach. The benefits from this transition are numerous; however, the impact on network security aspects may turn out to be negative, unless proper changes are introduced in the way security applications are designed and deployed. In particular, the multi-tenant environment, the dynamic nature of current Network Services, and the ongoing integration of software-intensive embedded systems and global communication networks into Cyber-Physical Systems have introduced further security considerations that need to be addressed. We examine the main motivations to go beyond the traditional "security perimeter" vision and the current trends in cybersecurity leveraging network programmability. Then, we examine a service-centric architectural framework that adopts centralized management to ensure end-to-end security, by gathering security context information from "light" local agents deployed on the service functions and by utilizing state-of-the-art technologies for external threat protection. We conclude the chapter with the discussion of a cyber-range approach to test the security of virtualized networking environments.

| File | Description | Type | Access | Size | Format |
|---|---|---|---|---|---|
| prod_439568-doc_157717.pdf | Security Implications, Issues and Approaches in Programmable Networks | Publisher's version (PDF) | Authorized users only | 1.4 MB | Adobe PDF |
| prod_439568-doc_157985.pdf | CNIT TR06 - Network Programmability: a (r)evolutionary approach | Publisher's version (PDF) | Authorized users only | 129.08 kB | Adobe PDF |

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


