Uniform IoT security using NFV based policy enforcement gateways
Transcription
1 Uniform IoT security using NFV based policy enforcement gateways
Adrian L. Shaw, Hewlett Packard Labs (Bristol, UK)
SICS Security Day 2016
2 # whoami
- Senior Researcher, Hewlett Packard Labs
  - HPE's advanced research arm
  - Security & Manageability Laboratory (Bristol, UK)
  - Long history in platform security
- Personal experience in OS and FW security
- Interests
  - Platform security in distributed systems
  - Practical/exploratory applications of trusted computing
  - Runtime integrity protection
  - Integrity models and scalable verification
[Diagram, 2015 split: Infrastructure, Servers, Networking, Storage, Security, Software, Cloud and telecom, Services, PCs, Printers, Wearables]
3 You probably have one of these
4 And had to learn one of these
5 Let's define some of the issues
- Each device can have very different security levels
  - Complex management of security controls for so many platforms with such different characteristics
  - Lack of uniform capabilities (accelerated encryption, limitations in performance, energy and memory)
- With changing network connections
  - Cannot always rely on consistent network border protection
  - Physical media: wireless, wired, mesh
- With different policy requirements
  - Stationary and mobile
  - Multi-tenancy
- Finally, someone has to (correctly!) learn all the heterogeneous security controls
6 Introducing SECURED: From heterogeneous to uniform security
- Security applications independent from user terminals
- Security protection independent from user location
7 Outline of this talk
- The SECURED architecture
- Deployment in virtualized infrastructure
- Policy definition, analysis and enforcement
- Results
- Standardisation activities
8 Introducing SECURED (FP7): SECURity at the network EDge
9 The SECURED components
- NED (Network Edge Device)
  - Trusted node (with Trusted Computing techniques)
  - E.g. home gateway, corporate router, wireless AP, GGSN
  - Sets up a Trusted Virtual Domain per user
- Personal Security Applications (PSA)
  - Security applications as virtual network functions, executed on a NED
  - Specific tasks (packet filter, parental control, anti-phishing, content inspection, ...)
  - Several PSAs can be chained according to security policies
- Security policies
  - Simplify configuration of PSAs and share best practices (e.g., block inconvenient content)
  - Flexibility (device owners care about policy, not implementation)
10 The SECURED framework architecture
[Diagram labels: user terminal; NED; personal execution environment; authn; policy repository (e.g., "No internet connection after 10.00pm"); application repository. Numbered steps: 1. trust; 2. authenticate; 3. get policies; 4. get apps; 5. protect!]
11 NED components at work (1) the Trusted Virtual Domain
12 NED components at work (2)
[Diagram labels: User A TVD; User B TVD; authn; TVD Manager; MGMT & CTRL; EE1 (Personal Controller ... PSA 1); EE2; User A; User B; Trusted Channel Endpoint; TPM; NED Control Plane and Management Network; User A Data Plane Network; Internet]
13 Main challenges addressed
- Performance and scalability
  - The NED may have to support hundreds of users, each one with their own policies
  - In principle, this means hundreds (or even more) Trusted Virtual Domains
- Building the trust
  - Is the NED trusted? Are my policies really enforced there?
- High level, human friendly security policies, with conflict analysis in multi-device environment
14 Performance and Scalability
- In essence, the NED is equivalent to an NFV compute platform.
- A lot of work is currently ongoing with respect to performance and scalability of NFV platforms.
- Not much work in the security use cases
[Diagram: virtual network functions (DPI, BRAS, Firewall, CG-NAT, PE Router, GGSN/SGSN) on common HW (servers & switches); labels: function, capacity]
15 Building trust
16 Building trust
- Is the NED trusted?
  - E.g., is the base software (OS, software switch, etc.) the one we expect?
- Are only my PSAs running in the NED and inspecting my traffic?
  - I.e., can I be sure that no other PSAs are handling my data?
- Are network devices trusted?
  - Network devices can be compromised as well
- Are network paths trusted?
  - I.e., is my traffic crossing some additional (malicious) device that manipulates my data?
17 The current SECURED trust architecture
- Measurements are repeated periodically to guarantee that the NED is not compromised
[Diagram labels: device; secure & trusted channel; NED (Network Edge Device); policy; app(s); TPM; certification of good state (cryptographically bound to the secure channel); measures; Trusted verifier]
18 Remote attestation: current limitations
- TPM is slow
  - Supports a limited number of measurements per second
  - Short (malicious) tasks may be discovered too late
- Execution environment (e.g., virtual machine, Linux container, etc.)
  - We can guarantee only the code of applications running on the bare hardware
  - We can guarantee that the VM image is correct, but we cannot guarantee it is not changed at run-time
- No guarantees on ephemeral state of applications
  - E.g., OpenFlow rules
- We made progress in last year's talk: enabled TPMs in ProVision for dynamic OpenFlow integrity reporting
[Diagram labels: Other applications; Softswitch; OpenFlow rules; Trusted Platform Module; Operating system + hypervisor; NED]
19 Going distributed: other challenges arise
- Need to set up a transitive chain of trust
[Diagram labels: NED; Cloud controller; Compute node1; Compute node2; Execution environment PSA1; Execution environment PSA2; Execution environment PSA3; User's network traffic; Trust relationship]
20 What about the network paths? Future!
- The Vision: automated and trustworthy monitoring for SDN
- Introducing the SDN verifier
  - Assess that SDN configurations of switches match the controller expectation
  - Out-of-band challenge/response: meant for continual attestation
- Challenge: Build a trusted reporting mechanism for each network device (physical and virtual)
- Reference: Towards Trustworthy Software-defined Networks using a hardware-based integrity measurement architecture - L. Jacquin, A. L. Shaw, C. I. Dalton (NetSoft 2015)
[Diagram labels: SDN controller; sync; SDN verifier; VM; VM; vswitch; monitoring plane; control plane not shown]
21 Policy-driven security: Definition, analysis and enforcement
22 High level, human friendly security policies
- HSPL: high-level security policy language
  - Specifies the end-user security requirements
  - Formally, a language with the following syntax: [ subject ] action object [ (field_type,value) ... (field_type,value) ]
  - In practice, HSPL looks very similar to natural language and its constructs can be easily created through a graphical interface
  - Examples:
    - Toaster is not authorized to get access to illegal content
    - Owner enables scanning for antimalware for sensors
- Translated down to common MSPL: medium-level security policy language
  - Like machine-readable XML, similar to XACML
  - MSPL fields are essentially a list of abstract capabilities (e.g. filter, block, transform, etc.)
- Developer writes translation plugin from MSPL to the low-level app-specific syntax
  - These plugins are known as Medium to Low-level (M2L)
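The refinement chain on this slide (HSPL statement, abstract MSPL capability, one M2L plugin per application), as an added Python example that is not SECURED project code. The action and object vocabulary, the `time_period` field, the dictionary-shaped MSPL record (the real MSPL is XML), the terminal-to-address map and the `psa_rule` ACL name are constructed for illustration; the two back-ends mirror the IPtables and Squid PSAs the talk lists.

```python
import re
from dataclasses import dataclass

# Constructed vocabulary (assumption): the real HSPL action/object lists are not on the slide.
ACTIONS = {
    "is not authorized to access": ("filter", "deny"),
    "is authorized to access": ("filter", "allow"),
}
OBJECTS = {
    "internet traffic": {"proto": "all"},
    "dns traffic": {"proto": "udp", "dport": 53},
}
FIELD_RE = re.compile(r"\(\s*([a-z_]+)\s*,\s*([^()]+?)\s*\)")
TIME_RE = re.compile(r"(\d{2}:\d{2})-(\d{2}:\d{2})")


@dataclass
class Hspl:  # high level: what the user wrote
    subject: str
    action: str
    obj: str
    fields: dict


@dataclass
class Mspl:  # medium level: abstract capability, no app syntax yet
    capability: str
    decision: str
    source: str
    match: dict
    conditions: dict


def parse_hspl(text):
    """Parse '[subject] action object [(field_type,value) ...]'."""
    fields = dict(FIELD_RE.findall(text))
    head = FIELD_RE.sub("", text).strip()
    lowered = head.lower()
    for action in ACTIONS:
        pos = lowered.find(action)
        if pos < 0:
            continue
        obj = lowered[pos + len(action):].strip()
        if obj not in OBJECTS:
            raise ValueError(f"unknown object: {obj!r}")
        return Hspl(head[:pos].strip(), action, obj, fields)
    raise ValueError("no known action in statement")


def refine(hspl, terminals):
    """HSPL -> MSPL: resolve names to addresses and fields to typed conditions."""
    if hspl.subject not in terminals:
        raise ValueError(f"unknown subject: {hspl.subject!r}")
    capability, decision = ACTIONS[hspl.action]
    conditions = {}
    for ftype, value in hspl.fields.items():
        if ftype != "time_period":
            raise ValueError(f"unsupported field type: {ftype}")
        m = TIME_RE.fullmatch(value)
        if not m:
            raise ValueError(f"bad time period: {value!r}")
        conditions["time"] = m.groups()
    return Mspl(capability, decision, terminals[hspl.subject],
                dict(OBJECTS[hspl.obj]), conditions)


def m2l_iptables(mspl):
    """M2L plugin for an L4 firewall PSA: one iptables command line."""
    rule = ["iptables", "-A", "FORWARD", "-s", mspl.source]
    if mspl.match["proto"] != "all":
        rule += ["-p", mspl.match["proto"], "--dport", str(mspl.match["dport"])]
    if "time" in mspl.conditions:
        start, stop = mspl.conditions["time"]
        # The iptables time match compares against UTC unless --kerneltz is given.
        rule += ["-m", "time", "--timestart", start, "--timestop", stop]
    rule += ["-j", "DROP" if mspl.decision == "deny" else "ACCEPT"]
    return " ".join(rule)


def m2l_squid(mspl, name="psa_rule"):
    """M2L plugin for an L7 (web proxy) PSA: squid.conf ACL lines."""
    if mspl.match["proto"] != "all":
        # A plugin must refuse what its application cannot enforce.
        raise ValueError("Squid only sees proxied web traffic")
    lines = [f"acl {name}_src src {mspl.source}"]
    acls = [f"{name}_src"]
    if "time" in mspl.conditions:
        start, stop = mspl.conditions["time"]
        lines.append(f"acl {name}_time time {start}-{stop}")
        acls.append(f"{name}_time")
    verb = "deny" if mspl.decision == "deny" else "allow"
    lines.append(f"http_access {verb} " + " ".join(acls))
    return lines


if __name__ == "__main__":
    terminals = {"Toaster": "192.0.2.23"}  # constructed address
    policy = "Toaster is not authorized to access Internet traffic (time_period, 22:00-23:59)"
    mspl = refine(parse_hspl(policy), terminals)
    print(m2l_iptables(mspl))
    print("\n".join(m2l_squid(mspl)))
```

The same MSPL record feeds both plugins, which is what lets a device owner state the policy once while each PSA receives its own configuration syntax.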
23 Policy-driven security made easy (codenamed: the Grandmother GUI)
24 MSPL capabilities Project SECURED ( 24
25 Stackable multi-tenanted security policies
- The same Internet access may be subject to constraints from different tenants, depending on the network environment
- Policies are applied hierarchically according to the user and connection profiles
- User is informed of the overall policy applied to her connection and may refuse to connect to the network
[Diagram: two policy stacks. First: government, ISP, parent, user (child). Second: government, ISP, corporation, department, user (employee)]
26 Policy definition and enforcement Translation and analysis engines prototyped on the OpenDaylight SDN controller
27 Results
- In order to cut down the time to verify remote attestations, a centralised verifier is used to cache results.
- We perform differential logging such that:
  - Previous analyses are not repeated
  - Smaller integrity reports reduce network chatter
- Validation in summer 2015 shows that a fresh remote attestation protocol run takes ~3 seconds on average. If already cached, it can be nearly instantaneous.
- The MSPL policy representation was applied at scale to handle thousands of IPtables and Squid transparent proxy configurations.
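The caching and differential logging described in these results, as an added example (not the SECURED verifier): the verifier remembers, per NED, how many log entries it has already analysed and the PCR value they produced, so a later report carries only the new entries. It assumes an IMA-style measurement log and a SHA-256 extend operation; class names, paths and measurements are constructed, and checking the TPM quote signature and nonce is left out.

```python
import hashlib

ZERO_PCR = bytes(32)


def sha256(data):
    return hashlib.sha256(data).digest()


def extend(pcr, digest):
    """TPM-style extend: new PCR = H(old PCR || measurement)."""
    return sha256(pcr + digest)


# Constructed sample measurements (path, file content).
SAMPLE = [
    ("/boot/vmlinuz", b"kernel"),
    ("/usr/sbin/ovs-vswitchd", b"softswitch"),
    ("/psa/firewall.img", b"psa-image"),
]
KNOWN_GOOD = {path: sha256(content) for path, content in SAMPLE}


class NedLog:
    """Attester side: append-only measurement log plus the PCR it is extended into."""

    def __init__(self):
        self.entries = []
        self.pcr = ZERO_PCR

    def measure(self, path, content):
        digest = sha256(content)
        self.entries.append((path, digest))
        self.pcr = extend(self.pcr, digest)

    def report(self, since):
        """Differential report: only entries the verifier has not seen yet.
        In a real deployment 'pcr' would come from a signed TPM quote."""
        return {"start": since, "entries": self.entries[since:], "pcr": self.pcr}


class CachingVerifier:
    """Verifier side: caches (entries analysed, resulting PCR) per NED."""

    def __init__(self, known_good):
        self.known_good = known_good
        self.cache = {}
        self.analysed = 0  # counts per-entry analyses, to show the saving

    def next_index(self, ned_id):
        return self.cache.get(ned_id, (0, ZERO_PCR))[0]

    def verify(self, ned_id, report):
        count, pcr = self.cache.get(ned_id, (0, ZERO_PCR))
        if report["start"] != count:
            return False, "report does not continue from cached state"
        for path, digest in report["entries"]:
            self.analysed += 1
            if self.known_good.get(path) != digest:
                return False, f"unexpected measurement for {path}"
            pcr = extend(pcr, digest)
        # Replaying only the new entries on top of the cached PCR must
        # reproduce the reported PCR; a rewritten history cannot.
        if pcr != report["pcr"]:
            return False, "log does not reproduce reported PCR"
        self.cache[ned_id] = (count + len(report["entries"]), pcr)
        return True, "trusted"


if __name__ == "__main__":
    ned, verifier = NedLog(), CachingVerifier(KNOWN_GOOD)
    for path, content in SAMPLE[:2]:
        ned.measure(path, content)
    print(verifier.verify("ned-1", ned.report(verifier.next_index("ned-1"))))
    ned.measure(*SAMPLE[2])  # a PSA image is loaded later
    delta = ned.report(verifier.next_index("ned-1"))
    print(len(delta["entries"]), verifier.verify("ned-1", delta))
```

A failed check leaves the cached state untouched, so a rebooted or tampered NED keeps failing until it goes through a fresh, full attestation.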
28 Test PSAs with MSPL plugins
- Intrusion Detection (Bro NSM)
- Re-encryption (MITMproxy)
- Anti-phishing (DansGuardian)
- Transparent VPN (StrongSwan)
- L4 Firewall (IPtables)
- L7 Firewall (Squid)
- Anonymity (OpenVPN)
- Bandwidth Control (TC)
Got encrypted traffic? Re-encryption VNF
29 Conclusion
- SECURED selected as a flagship security project by the European Commission
- Strong interest around Europe (5G and NFV communities)
- Contributions to standardisation:
  - IETF I2NSF vNSF attestation
  - ETSI NFV-SEC-007 report on attestation technologies
  - TCG Network Element subgroup
- Due for another test pilot in the summer of 2016
- Early results are promising, although our integrity verification research continues
- Ongoing work: move prototype to an NFV platform: UNIFY UN, OPNFV, etc.
- Open-source (if all goes to plan)
The research described in this presentation is part of the SECURED project, co-funded by the European Commission under the ICT theme of FP7 (grant agreement no )
30 Special thanks
Consortium contact: Prof. Antonio Lioy:
- Politecnico di Torino
- Hewlett Packard Labs
- Telefonica I+D
- Universitat Politècnica de Catalunya
- Barcelona Supercomputing Center
- VTT Technical Research Center of Finland
- UNICRI
- PRIMETEL
31 Thanks for your attention!
More informationOutline. Introduction to SFC/NFV SFC and service decomposition SFC orchestration. Performance evaluation Enhancements towards a scalable orchestrator
Scalable Architecture for Service Function Chain Orchestration Sahel Sahhaf, Wouter Tavernier, Janos Czentye, Balazs Sonkoly Pontus Skoldstrom, David Jocha, Jokin Garay 30/09/2015- EWSDN 2015 3/10/2015
More informationETSI FUTURE Network SDN and NFV for Carriers MP Odini HP CMS CT Office April 2013
ETSI FUTURE Network SDN and NFV for Carriers MP Odini HP CMS CT Office April 2013 Challenges and Opportunities Reduce Capex/Opex Challenges Innovation at devices and OTT side Number of devices explode
More informationHow DPI enables effective deployment of CloudNFV. David Le Goff / Director, Strategic & Product Marketing March 2014
How DPI enables effective deployment of CloudNFV David Le Goff / Director, Strategic & Product Marketing March 2014 Key messages of this presentation 1. DPI (Deep Packet Inspection) is critical for effective
More informationOrchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud
Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud 2 Orchestrate the Cloud Infrastructure Business Drivers for Cloud Long Provisioning Times for New Services o o o Lack
More informationTITANIUM CLOUD VIRTUALIZATION PLATFORM
TITANIUM CLOUD VIRTUALIZATION PLATFORM Glenn Seiler Software Defined Infrastructure BU 30 Minutes 12 Content Slides 2017 WIND RIVER. ALL RIGHTS RESERVED. Wind River Titanium Cloud Titanium Cloud is a cloud
More informationRed Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide
Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight OpenStack Team Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight
More informationTrusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008
Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008 Josef von Helden University of Applied Sciences and Arts, Hanover josef.vonhelden@fh-hannover.de Ingo Bente
More informationAll-in one security for large and medium-sized businesses.
All-in one security for large and medium-sized businesses www.entensys.com sales@entensys.com Overview UserGate UTM provides firewall, intrusion detection, anti-malware, spam and content filtering, and
More informationCloud Controlled Network for Service Providers
Cloud Controlled Network for Service Providers Systrome s Cumilon Cloud Controlled Integrated Security Gateways to Deliver Managed Networks with Agility and Control to Multi location Enterprises have increased
More informationOPEN TELCO: A take on the Virtual Central Office
OPEN TELCO: A take on the Virtual Central Office 0930-1000 Hanen Garcia, M. Eng. Global Telco Solutions Manager Red Hat, Inc. CENTRAL OFFICE Current Status Desired Status Huge Source of CAPEX and OPEX
More informationKPI-validation and SLA monitoring in context of troubleshooting/isolating VNFs performance issues
KPI-validation and SLA monitoring in context of troubleshooting/isolating VNFs performance issues Version 1.0 Copyright 2017 VoerEir. All rights reserved Contents 1 Introduction... 2 2 Relationship of
More informationNETWORK VIRTUALIZATION IN THE HOME Chris Donley CableLabs
NETWORK VIRTUALIZATION IN THE HOME Chris Donley CableLabs Abstract Networks are becoming virtualized. While there has been significant focus on virtualization in core and data center networks, network
More informationHardware Accelera+on in an SDN/NFV World: MRV POC with Charter Communica+ons
Hardware Accelera+on in an SDN/NFV World: MRV POC with Charter Communica+ons AusNOG 2016 Lightning Talk John Jones (jjones@mrv.com) Sept 2, 2016 Overview MRV NFV POC with Charter in Denver, Colorado. We
More informationAlten Calsoft Labs Virtual B-RAS Solution
Alten Calsoft Labs Virtual B-RAS Solution Overview Surging broadband subscriber base and the advent of more bandwidth-hungry network services have clearly started highlighting issues with the traditional
More information