Loading [a11y]/accessibility-menu.js
Efficient Provisioning of Security Service Function Chaining Using Network Security Defense Patterns | IEEE Journals & Magazine | IEEE Xplore

Efficient Provisioning of Security Service Function Chaining Using Network Security Defense Patterns


Abstract:

Network functions virtualization intertwined with software-defined networking opens up great opportunities for flexible provisioning and composition of network functions,...Show More

Abstract:

Network functions virtualization intertwined with software-defined networking opens up great opportunities for flexible provisioning and composition of network functions, known as network service chaining. In the cloud, this allows providers to create service chains tuned to each application type while optimizing resources' utilization. This is particularly useful to accommodate different tenants' applications with different security needs. However, considering security provisioning from the single perspective of resources optimization may lead to deployment solutions that do not comply with well-known security-related best practices and recommendations. In this paper, we propose network security defense patterns (NSDP) aimed at leveraging the best practice and know-how from the security experts and at capturing various security constraints to efficiently select compliant security functions' deployment options. The placement problem being a NP-Hard problem to solve, we also propose a scalable networking and computing resources aware optimization framework to efficiently provision different NSDPs. We further show the feasibility of implementing NSDPs in the cloud infrastructure through the integration of our approach into an open source cloud framework, namely OpenStack, in our test laboratory. The simulation results show the effectiveness of our approach in selecting an optimal placement of the security functions for large data centers with hundreds of thousands of computing nodes, while complying with the predefined security constraints and improving the scalability compared to the current placement algorithms.
Published in: IEEE Transactions on Services Computing ( Volume: 12, Issue: 4, 01 July-Aug. 2019)
Page(s): 534 - 549
Date of Publication: 14 October 2016

ISSN Information:

Funding Agency:


Contact IEEE to Subscribe

References

References is not available for this document.