Towards the Dynamic Provision of Virtualized Security Services

Basile, Cataldo; Pitscheider, Christian; Risso, Fulvio; Valenza, Fulvio; Vallini, Marco

doi:10.1007/978-3-319-25360-2_6

Cited by 9 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It uses horizontal scaling to leverage performance, however, it only considers functions that process traffic at the flow level. The authors in [10], address the allocation of security services in virtualized environments and discuss their challenges. They model the allocation problem for ISP networks to minimise the cost of operators as a Mixed-Integer Linear Programming (MILP) problem but no results for the implementation are reported.…”

Section: Related Workmentioning

confidence: 99%

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Ali

Anagnostopoulos

Pezaros

2018

2018 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Security and service protection against cyber attacks remain among the primary challenges for virtualized, multitenant Data Centres (DCs), for reasons that vary from lack of resource isolation to the monolithic nature of legacy middleboxes. Although security is currently considered a property of the underlying infrastructure, diverse services require protection against different threats and at timescales which are on par with those of service deployment and elastic resource provisioning. We address the resource allocation problem of deploying customised security services over a virtualized, multi-tenant DC. We formulate the problem in Integral Linear Programming (ILP) as an instance of the NP-hard variable size variable cost bin packing problem with the objective of maximising the residual resources after allocation. We propose a modified version of the Best Fit Decreasing algorithm (BFD) to solve the problem in polynomial time and we show that BFD optimises the objective function up to 80% more than other algorithms.

show abstract

Section: Related Workmentioning

confidence: 99%

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Ali

Anagnostopoulos

Pezaros

2018

2018 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…Several studies in the peer-reviewed literature tackle the problem by proposing architectural and mathematical solutions with the aim of optimizing the utilization of network and computational resources and minimizing the operational costs [2], [3]. As reported in Section IV, recent works go beyond the simple cost and resource optimization by introducing more specific constraints, either to enforce the security of the network [4], [5], or to guarantee QoS parameters such as minimum bandwidth and maximum end-to-end latency [6], [7].…”

Section: Motivationmentioning

confidence: 99%

“…In [5], the authors provide a model to determine the best placement of security VNFs based on the user requirements and the cost for the network operator. However, the proposed approach does not take into account the specific QoS requirements of the user's applications.…”

Section: Related Workmentioning

confidence: 99%

Application-Centric provisioning of virtual security network functions

Doriguzzi-Corin

Scott-Hayward²,

Siracusa

et al. 2017

2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)

View full text Add to dashboard Cite

“…The authors in [1] address the allocation of security services in virtualized environments and discuss their challenges. They model the allocation problem in ISP networks to minimise the cost of network operators as a mixedinteger linear programming (MILP) problem but no results are reported.…”

Section: Related Workmentioning

confidence: 99%

“…A typical security system for a Data Center (DC) usually consists of a combination of bespoke hardware-based (middleboxes) e.g., Firewalls and Intrusion Detection and/or Prevention Systems (IDS/IPS), and Deep Packet Inspection (DPI) appliances, deployed in fixed locations [1] which restricts the ability of the infrastructure to react rapidly to changes or respond to attacks [2]. These middleboxes are expensive high-performance vendor-specific appliances with limit extensible functionality and results in vendor lock-in.…”

Section: Introductionmentioning

confidence: 99%

Resource-aware placement of softwarised security services in cloud data centers

Ali

Anagnostopoulos

Pezaros

2017

2017 13th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

Abstract-Virtualizing middleboxes as software for Cloud tenants can eliminate the monolithic processing and static deployment of legacy middleboxes and provide an efficient provisioning for security services. However, inefficient managing of the virtualized security services can reduce the gains of Cloud deployment. We propose a resources-efficient placement of the security functions in the infrastructure of a three-tier Cloud DC by modifying the Best-Fit Decreasing algorithm to solve the problem while satisfying the placement resources and traffic constraints.

show abstract

Towards the Dynamic Provision of Virtualized Security Services

Cited by 9 publications

References 11 publications

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Application-Centric provisioning of virtual security network functions

Resource-aware placement of softwarised security services in cloud data centers

Contact Info

Product

Resources

About