Biblio

Filters: Author is Blanc, Gregory  [Clear All Filters]
2020-04-17
Jmila, Houda, Blanc, Gregory.  2019.  Designing Security-Aware Service Requests for NFV-Enabled Networks. 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1—9.

Network Function Virtualization (NFV) is a recent concept where virtualization enables the shift from network functions (e.g., routers, switches, load-balancers, proxies) on specialized hardware appliances to software images running on all-purpose, high-volume servers. The resource allocation problem in the NFV environment has received considerable attention in the past years. However, little attention was paid to the security aspects of the problem in spite of the increasing number of vulnerabilities faced by cloud-based applications. Securing the services is an urgent need to completely benefit from the advantages offered by NFV. In this paper, we show how a network service request, composed of a set of service function chains (SFC) should be modified and enriched to take into consideration the security requirements of the supported service. We examine the well-known security best practices and propose a two-step algorithm that extends the initial SFC requests to a more complex chaining model that includes the security requirements of the service.

2019-06-17
Blanc, Gregory, Kheir, Nizar, Ayed, Dhouha, Lefebvre, Vincent, de Oca, Edgardo Montes, Bisson, Pascal.  2018.  Towards a 5G Security Architecture: Articulating Software-Defined Security and Security As a Service. Proceedings of the 13th International Conference on Availability, Reliability and Security. :47:1–47:8.

5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.