Towards the Dynamic Provision of Virtualized Security Services

• Published in: Cyber Security and Privacy pp. 65 - 76
• Main Authors: Basile, Cataldo, Pitscheider, Christian, Risso, Fulvio, Valenza, Fulvio, Vallini, Marco
• Format: Book Chapter
• Language: English
• Published: Cham Springer International Publishing 2015
• Series: Communications in Computer and Information Science
• Subjects: Edge Node; Internet Service Provider; Policy Implementation; Security Application; Security Service
• ISBN: 331925359X; 9783319253596
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-319-25360-2_6

Network operators face several limitations in terms of infrastructure management and costs when trying to offer security services to a large number of customers with current technologies. Network Functions Virtualization and Software-Defined Networks paradigms try to overcome these limitations by allowing more flexibility, configurability and agility. Unfortunately, the problem of deciding which security services to use, where to place and how to configure them is a multi-dimensional problem that has no easy solution. This paper provides a model that can be used to determine the best allocation for the security applications needed to satisfy the user requirements while minimizing the cost for the network operator, subject to the different constraints expressed by the involved actors. This model can be exploited to pursue an initial dimensioning and set-up of the system infrastructure or to dynamically adapt it to support the user security policies. Initial validation shows that allocations generated with our model have considerable advantages in terms of costs and performance compared to traditional approaches.