CAREER: Towards Elastic Security with Safe and Efficient Network Security Function Virtualization

Project Details

Lead PI

Performance Period

Oct 01, 2019 - Sep 30, 2024

Institution(s)

Clemson University

Award Number


Traditional network security functions are generally implemented on vendor-proprietary appliances or middleboxes, which usually lack a general programming interface and offer very poor versatility and flexibility. These traditional network security appliances often need to be placed at fixed network entry points and have a constant capacity with respect to the maximum amount of traffic they can process. This rigidity makes them inefficient at protecting today's prevailing programmable and virtualizable environments. Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are two emerging networking paradigms that offer the potential to address those limitations and can facilitate elastic security through the design of a new breed of network security functions called virtual Network Security Functions (vNSFs). The major goal of this project is to extend the understanding and science of virtual Network Security Functions. It will develop new technology for virtual Network Security Functions in which security microservices can be deployed elastically, safely, and efficiently, on demand, tailored to the needs of the situation. It addresses major challenges inherent in the management, design, deployment, and execution of virtual Network Security Functions that currently prevent the full use of their benefits. This project will also integrate a comprehensive education plan with the proposed research to train the next-generation workforce in computational sciences. The project will foster student diversity by actively recruiting women and other under-represented groups to participate in the research.

This project will first propose a new firewall architecture to address challenges in virtual firewall scaling. This project will then explore solutions to facilitate safe and efficient virtualization of both traditional and Artificial Neural Network (ANN)-based Intrusion Detection Systems. Finally, this project will develop a general framework, OpenNSFV, for supporting safe and efficient virtualization of network security functions. The proposed solutions of this project will be flexible, scalable, trustworthy, and optimal, and will substantially enhance the security of programmable and virtualizable network infrastructure. To demonstrate the practicality and feasibility of the proposed solutions, the project will implement, deploy, and evaluate the proposed security mechanisms in real production environments.