Software Defined Security Mechanisms for Critical Infrastructure Management
SESSION: CRITICAL INFRASTRUCTURE PROTECTION
Dr. Anastasios Zafeiropoulos, Senior R&D Architect, Contact: azafeiropoulos@ubitech.eu
Network (and not only network) softwarization
- The Future Internet is the Future Internet Software: hardware will become a commodity, and the value will lie in the software that drives it and the data it generates.
- An era of software revolution through the design of infrastructure-agnostic applications.
- Applications and services provided without the definition of strict borders and control points.
- Softwarization is seen as a game-changer for the Telecom, Cloud and ICT domains.
Move towards a new world of applications
- Reconfigurable-by-design applications.
- Exploit the programmability of the underlying infrastructure.
- Dynamically adaptive according to network conditions and policies.
- Need for novel programming paradigms and open APIs.
- Avoid vendor lock-in.
The ARCADIA Project
Horizon 2020 EU funded project (Call: H2020-ICT-2014-1) - http://www.arcadia-framework.eu
Design of a novel reconfigurable-by-design, highly distributed applications development paradigm over programmable infrastructure:
- Novel software development paradigm;
- Context Model that will conceptualize the dynamic configuration and programmable aspects of the underlying resources;
- Smart Controller that is going to undertake placement and real-time management of applications over programmable infrastructure.
ARCADIA Conceptual Architecture
Enabling Technologies
Network Function Virtualization
- Deployment and management of applications;
- Carrier-grade and scalable solutions.
Software Defined Networking
- Exploit network programmability;
- Management of NFV deployments.
Reactive Software Development Paradigm - Interpretable Software Annotations
- High-level description of objectives;
- Configurability hints to orchestration components;
- Real-time adaptation/re-configuration.
Network Function Virtualization
(Figure: NFV reference architecture. An end-to-end network service between two network service end points is realised as a VNF Forwarding Graph, aka service chain, of Virtualized Network Function (VNF) instances connected by logical links; the VNFs run on the NFV Infrastructure (NFVI), whose virtual compute, storage and network resources are provided by a virtualization layer over the hardware compute, storage and network resources.)
Service Chaining according to Virtual Functions (VFs)
- Develop NFV-aware applications - Virtual Network Functions (VNFs) are becoming more and more application oriented.
- VNFs require support for application orchestration beyond network resource configuration.
- VFs as an abstraction of VNFs.
- Service Chaining: multiple VFs used in sequence to deliver a service - E2E services composed through VF Forwarding Graphs.
Source: ETSI NFV Architecture, Network Functions Virtualisation (NFV); Management and Orchestration
ARCADIA Application Breakdown
Reactive Distributed Software Development Paradigm
- Simple and high-level abstractions for concurrency and parallelism.
- High levels of responsiveness, resiliency, elasticity and an asynchronous mode of communication.
- Reactive components, able to react and dynamically adapt to the conditions of their operational environment.
- Non-blocking behaviour among the instantiated functions per component - asynchronous and event-driven programming models.
- Parts of the system can fail and recover without compromising the overall application, while high availability can be ensured through replication of critical components (let-it-crash models).
Properties of Reactive Systems based on the Reactive Manifesto
NFV Security Main Challenges
- Combination of all generic virtualization threats and those threats specific to network function software.
- Network function-specific threats are determined by the quality of the network function's design and software implementation.
- Reliance on additional software (that is, hypervisors and modules for management and orchestration) and hence a longer chain of trust.
- Reduced isolation of network functions.
- Fate-sharing due to resource pooling and multitenancy.
Source: Providing Security in NFV: Challenges and Opportunities, Alcatel-Lucent Strategic White Paper
NFV Security Opportunities
- Virtualization provides the potential to eliminate some threats inherent to network function software through new mechanisms such as hypervisor introspection and centralized security management.
- VM introspection can provide high-fidelity monitoring while keeping the monitor itself secure by leveraging the isolation provided by virtualization.
- Centralized security management allows network functions to be configured and protected effectively according to a common policy, and supports a set of automated mechanisms.
- Design and deployment of a policy-driven approach to orchestration, security zoning and workload placement, e.g. if the policy requires that certain VNF components be separated physically, they will be placed on different hosts.
- Support state-of-the-art security analytics to enable security anomaly prediction, detection and isolation.
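The policy-driven placement described above, as an added example that is not part of the original slides or the ARCADIA project code: a greedy placer that honours per-VNF security zones and physical-separation (anti-affinity) rules, plus an independent audit of the result. The host inventory, zone names, VNF names and policy format are all constructed for the illustration.

```python
"""Policy-driven VNF placement with security zoning and physical separation.
Hosts, zones, VNF names and the policy format are hypothetical."""

# Constructed inventory: host -> security zone and free capacity (vCPU units).
HOSTS = {
    "host-a": {"zone": "trusted", "free": 8},
    "host-b": {"zone": "trusted", "free": 4},
    "host-c": {"zone": "dmz", "free": 8},
}

# Constructed policy: the zone each VNF component may run in, and pairs that
# must never share a physical host (avoids fate-sharing on one hypervisor).
POLICY = {
    "zones": {"fw-edge": "dmz", "ids": "trusted", "db": "trusted", "db-replica": "trusted"},
    "separate": [("db", "db-replica"), ("fw-edge", "db")],
}

def violates_separation(vnf, host, placement, policy):
    """True if placing vnf on host co-locates it with a VNF it must be kept apart from."""
    for a, b in policy["separate"]:
        other = b if a == vnf else (a if b == vnf else None)
        if other is not None and placement.get(other) == host:
            return True
    return False

def place(demands, hosts, policy):
    """Greedy placement: returns {vnf: host}; raises if the policy cannot be met.
    demands is {vnf: vcpu}. Hosts are tried most-free-capacity first."""
    free = {h: spec["free"] for h, spec in hosts.items()}
    placement = {}
    for vnf, need in demands.items():
        zone = policy["zones"].get(vnf)
        candidates = sorted(
            (h for h, spec in hosts.items()
             if spec["zone"] == zone and free[h] >= need
             and not violates_separation(vnf, h, placement, policy)),
            key=lambda h: -free[h])
        if not candidates:
            raise ValueError(f"no host satisfies the policy for {vnf}")
        placement[vnf] = candidates[0]
        free[candidates[0]] -= need
    return placement

def check_placement(placement, hosts, policy):
    """Independent audit: every zone and separation rule holds for the placement."""
    for vnf, host in placement.items():
        if hosts[host]["zone"] != policy["zones"][vnf]:
            return False
    for a, b in policy["separate"]:
        if a in placement and b in placement and placement[a] == placement[b]:
            return False
    return True
```

The audit function is deliberately separate from the placer so that a placement produced by any orchestrator can be checked against the same policy.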
Critical Infrastructure NFV deployment models and Security Considerations
Private NFV deployment model
- The carrier owns the cloud, the network function software and the service portal.
- Main threats: coming from insiders.
- Countermeasure: analytics applied to access logs.
Exposed NFV deployment model
- Some network functions are exposed to subscribers.
- Main threats: infiltration or compromise of a public network function to reach internal VNFs.
- Countermeasures: employ security zoning, hypervisor introspection and analytics.
Critical Infrastructure NFV deployment models and Security Considerations
Hybrid NFV deployment model
- Management of VNFs by a third-party entity.
- Main threats: potential for attack in the carrier network.
- Countermeasure: identity and access management solutions.
Community NFV deployment model
- The carrier hosts network functions that are deployed and managed by different parties.
- Main threats: attack by a malicious VNF or other application.
- Countermeasures: employ security zoning and firewalling; decommissioning and recommissioning of VNFs.
Source: Providing Security in NFV: Challenges and Opportunities, Alcatel-Lucent Strategic White Paper
Security Analytics in the NFV world
- Objective: to detect, explain, explore and understand security events in an NFV environment.
- Analytics will be crucial to support dynamic service chains and service automation, and to detect security threats:
  - real-time correlation and log aggregation;
  - historical analysis and long-term insights;
  - ability to train models and detect outliers across any of the existing security data feeds.
- Collect service chain performance analytics and identify anomalies or misbehaviour of a software instance.
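The last point above, as an added example that is not part of the original slides or of any ARCADIA analytics component: replicas of the same VF in a service chain should behave alike, so a per-VF robust z-score (median and median absolute deviation, which the outlier cannot skew the way a mean and standard deviation can) flags a misbehaving instance. The chain, instance names and latency samples are constructed.

```python
"""Outlier detection over per-instance service-chain metrics using
median/MAD robust z-scores. Chain, instances and samples are constructed."""
from statistics import median

# Constructed samples: per VF in the chain, p95 latency (ms) per instance
# over one collection window. dpi-3 is the planted misbehaving replica.
CHAIN = ["fw", "dpi", "nat"]
SAMPLES = {
    "fw":  {"fw-1": 2.1, "fw-2": 2.3, "fw-3": 2.0, "fw-4": 2.2},
    "dpi": {"dpi-1": 9.8, "dpi-2": 10.1, "dpi-3": 31.7, "dpi-4": 9.9},
    "nat": {"nat-1": 1.1, "nat-2": 1.0, "nat-3": 1.2},
}

def robust_zscores(values):
    """Modified z-score per instance: 0.6745 * (x - median) / MAD.
    The 0.6745 factor makes MAD comparable to a standard deviation for
    normally distributed data, so the usual 3.5 cut-off applies."""
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    if mad == 0:
        # All healthy replicas report the identical value: any deviation
        # is then an outlier by definition, so score it as unbounded.
        return {k: (float("inf") if v != med else 0.0) for k, v in values.items()}
    return {k: 0.6745 * (v - med) / mad for k, v in values.items()}

def find_misbehaving(chain, samples, threshold=3.5):
    """Return {vf: [instances]} whose modified z-score exceeds the threshold,
    walking the chain hop by hop so the report follows the forwarding graph."""
    flagged = {}
    for vf in chain:
        scores = robust_zscores(samples[vf])
        bad = sorted(inst for inst, z in scores.items() if abs(z) > threshold)
        if bad:
            flagged[vf] = bad
    return flagged
```

With the constructed window only dpi-3 is reported; the same function applied to error rates or packet drops per instance gives a second, independent signal for the same chain.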
High Performance Survivable Communications in Distributed IoT Deployments
- Provide public safety agencies with survivable, scalable and robust communications and professional IoT-supported intervention management services during day-to-day operation and disaster relief missions.
http://www.arcadia-framework.eu
https://twitter.com/eu_arcadia
http://www.ubitech.eu
Anastasios Zafeiropoulos, Senior R&D Architect, UBITECH
Contact: azafeiropoulos@ubitech.eu