Inter-function anomaly analysis for correct SDN/NFV deployment

被引:16
作者
Basile, Cataldo [1 ]
Canavese, Daniele [1 ]
Lioy, Antonio [1 ]
Pitscheider, Christian [1 ]
Valenza, Fulvio [1 ]
机构
[1] Politecn Torino, Dipartimento Automat & Informat, I-10129 Turin, Italy
来源
INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT | 2016年 / 26卷 / 01期
关键词
SDN/NFV; VNF policy; inter-function anomaly analysis; CONFIGURATION;
D O I
10.1002/nem.1917
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Implementing the security of a network consists in individually configuring several network functions. Network functions are configured by means of a policy composed of a set of rules, but their actual behaviour is influenced by the other policies implemented by all the other network functions around them. This paper proposes a formal model that can be used to detect inter-function anomalies, which are defined as the interferences between two or more functions deployed in the same network. We have proved with experiments that the proposed model is fast and scalable. Copyright (C) 2015 John Wiley & Sons, Ltd
引用
收藏
页码:25 / 43
页数:19
相关论文
共 32 条
[1]  
Al-Shaer E., Configuration Analytics and Automation (SAFECONFIG), P1, DOI [DOI 10.1109/SAFECONFIG.2011.6111667, 10.1109/SafeConfig.2011.6111667.]
[2]  
Al-Shaer E., 2010, P 3 ACM WORKSHOP ASS, P37, DOI DOI 10.1145/1866898.1866905
[3]   Network Configuration in A Box: Towards End-to-End Verification of Network Reachability and Security [J].
Al-Shaer, Ehab ;
Marrero, Will ;
El-Atawy, Adel ;
ElBadawi, Khalid .
2009 17TH IEEE INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS (ICNP 2009), 2009, :123-+
[4]  
Al-Shaer ES, 2004, IEEE INFOCOM SER, P2605
[5]  
Algosec Survey Insights, 2012, EX DANG COMPL NETW S
[6]   Shadow configuration as a network management primitive [J].
Alimi, Richard ;
Wang, Ye ;
Yang, Y. Richard .
ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2008, 38 (04) :111-122
[7]  
[Anonymous], 2014, IEEE S COMP COMM ISC
[8]  
[Anonymous], 2004, IEEE Transactions on Network and Service Management, DOI [DOI 10.1109/TNSM.2004.4623689, 10.1109/TNSM.2004.4623689]
[9]  
[Anonymous], 2012, NSDI 12 9 USENIX S N
[10]  
Basile C., 2014, P 9 INT C RISKS SEC, P148
1234