Implementing the security of a network consists in individually configuring several network functions. Network functions are configured by means of a policy composed of a set of rules, but their actual behaviour is influenced by the other policies implemented by all the other network functions around them. This paper proposes a formal model that can be used to detect inter-function anomalies, which are defined as the interferences between two or more functions deployed in the same network. We have proved with experiments that the proposed model is fast and scalable.However, unless a system is really simple, an administrator cannot actually evaluate the global effect of the enforced security policy, which is obtained by the configuration of all the functions deployed in the network. In other words, this important task is performed without a holistic view of the overall security requirements, and this increases the chance of misconfigurations. In addition, the security administrators must deal with the highly dynamic nature of these deployments, hence worsening the problem even further. Indeed, VNFs can run on a range of industry standard server hardware and can be moved and instantiated at any locations in the network, without the need of new equipment installation [5].The typical approach is trial and error. When one or more misconfigurations are reported, the administrators correct them by creating ad hoc rules and repeat the process until no more errors are present. This methodology, although simple, is only a temporary palliative because it can produce serious maintenance problems in the future. Guaranteeing the absence of misconfigurations is however nearly impossible without an appropriate software tool. It is therefore highly desirable to have a practical solution to evaluate the policy actually enforced, which is based on sound theoretical foundations.In the last few years, several authors have tried to identify potential misconfigurations by detecting and resolving policy conflicts. These works have classified and detected conflicts in the same device (intra-policy) or conflicts between homogeneous devices, for example, two firewalls or two cascading IPsec devices (inter-policy) [6,7]. Nevertheless, the complexity of real systems is not self-contained, as each network function may affect the behaviour of other functions in the same network. For instance, a firewall may block some encrypted communication channels or a NAT may alter the decision of several packet filters. For this reason, it is indispensable to help the administrators by supporting, in a general analysis framework, different types of functions (e.g. firewalls, content filters, channel protection devices, logging, monitoring, and so on) and their interactions.In this paper, we propose a novel approach that is able to analyse an SDN/NFV scenario when heterogeneous networking devices and technologies are used. Our approach also works if different types of policy-enabled VNFs are deployed. Our solution is both easy to extend to other function t...
