Visible to the public Biblio

Filters: Author is de Oca, Edgardo Montes  [Clear All Filters]
2020-01-21
Mai, Hoang Long, Aouadj, Messaoud, Doyen, Guillaume, Mallouli, Wissam, de Oca, Edgardo Montes, Festor, Olivier.  2019.  Toward Content-Oriented Orchestration: SDN and NFV as Enabling Technologies for NDN. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :594–598.
Network Function Virtualization (NFV) is a novel paradigm which enables the deployment of network functions on commodity hardware. As such, it also stands for a deployment en-abler for any novel networking function or networking paradigm such as Named Data Networking (NDN), the most promising solution relying on the Information-Centric Networking (ICN) paradigm. However, dedicated solutions for the security and performance orchestration of such an emerging paradigm are still lacking thus preventing its adoption by network operators. In this paper, we propose a first step toward a content-oriented orchestration whose purpose is to deploy, manage and secure an NDN virtual network. We present the way we leverage the TOSCA standard, using a crafted NDN oriented extension to enable the specification of both deployment and operational behavior requirements of NDN services. We also highlight NDN-related security and performance policies to produce counter-measures against anomalies that can either come from attacks or performance incidents.
2019-06-17
Blanc, Gregory, Kheir, Nizar, Ayed, Dhouha, Lefebvre, Vincent, de Oca, Edgardo Montes, Bisson, Pascal.  2018.  Towards a 5G Security Architecture: Articulating Software-Defined Security and Security As a Service. Proceedings of the 13th International Conference on Availability, Reliability and Security. :47:1–47:8.

5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.