@Article{2019TNEN,
  author    = {Cataldo Basile and Fulvio Valenza and Antonio Lioy and Diego R. L{\'{o}}pez and Antonio Pastor Perales},
  doi       = {10.1109/TNET.2019.2895278},
  journal   = {{IEEE/ACM} Transactions on Networking},
  number    = {2},
  pages     = {707--720},
  title     = {Adding Support for Automatic Enforcement of Security Policies in {NFV} Networks},
  volume    = {27},
  year      = {2019},
abstract={This paper introduces an approach toward the automatic enforcement of security policies in network functions virtualization (NFV) networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the network security functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step toward a security policy aware NFV management, orchestration, and resource allocation system - a paradigm shift for the management of virtualized networks - and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks. © 1993-2012 IEEE.},
keywords={Policy Refinement, Security Automation},
  url       = {https://iris.polito.it/retrieve/handle/11583/2724445/231759/IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf},
}

{"_id":"q8X2QnaWe2K4akJMr","bibbaseid":"basile-valenza-lioy-lpez-perales-addingsupportforautomaticenforcementofsecuritypoliciesinnfvnetworks-2019","authorIDs":["anJrBcCdr4LzzWetx"],"author_short":["Basile, C.","Valenza, F.","Lioy, A.","López, D. R.","Perales, A. P."],"bibdata":{"bibtype":"article","type":"article","author":[{"firstnames":["Cataldo"],"propositions":[],"lastnames":["Basile"],"suffixes":[]},{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]},{"firstnames":["Antonio"],"propositions":[],"lastnames":["Lioy"],"suffixes":[]},{"firstnames":["Diego","R."],"propositions":[],"lastnames":["López"],"suffixes":[]},{"firstnames":["Antonio","Pastor"],"propositions":[],"lastnames":["Perales"],"suffixes":[]}],"doi":"10.1109/TNET.2019.2895278","journal":"IEEE/ACM Transactions on Networking","number":"2","pages":"707–720","title":"Adding Support for Automatic Enforcement of Security Policies in NFV Networks","volume":"27","year":"2019","abstract":"This paper introduces an approach toward the automatic enforcement of security policies in network functions virtualization (NFV) networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the network security functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step toward a security policy aware NFV management, orchestration, and resource allocation system - a paradigm shift for the management of virtualized networks - and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks. © 1993-2012 IEEE.","keywords":"Policy Refinement, Security Automation","url":"https://iris.polito.it/retrieve/handle/11583/2724445/231759/IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf","bibtex":"@Article{2019TNEN,\r\n author = {Cataldo Basile and Fulvio Valenza and Antonio Lioy and Diego R. L{\\'{o}}pez and Antonio Pastor Perales},\r\n doi = {10.1109/TNET.2019.2895278},\r\n journal = {{IEEE/ACM} Transactions on Networking},\r\n number = {2},\r\n pages = {707--720},\r\n title = {Adding Support for Automatic Enforcement of Security Policies in {NFV} Networks},\r\n volume = {27},\r\n year = {2019},\r\nabstract={This paper introduces an approach toward the automatic enforcement of security policies in network functions virtualization (NFV) networks and dynamic adaptation to network changes. The approach relies on a refinement model that allows the dynamic transformation of high-level security requirements into configuration settings for the network security functions (NSFs), and optimization models that allow the optimal selection of the NSFs to use. These models are built on a formalization of the NSF capabilities, which serves to unequivocally describe what NSFs are able to do for security policy enforcement purposes. The approach proposed is the first step toward a security policy aware NFV management, orchestration, and resource allocation system - a paradigm shift for the management of virtualized networks - and it requires minor changes to the current NFV architecture. We prove that our approach is feasible, as it has been implemented by extending the OpenMANO framework and validated on several network scenarios. Furthermore, we prove with performance tests that policy refinement scales well enough to support current and future virtualized networks. © 1993-2012 IEEE.},\r\nkeywords={Policy Refinement, Security Automation},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2724445/231759/IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf},\r\n}\r\n\r\n\r\n","author_short":["Basile, C.","Valenza, F.","Lioy, A.","López, D. R.","Perales, A. P."],"key":"2019TNEN","id":"2019TNEN","bibbaseid":"basile-valenza-lioy-lpez-perales-addingsupportforautomaticenforcementofsecuritypoliciesinnfvnetworks-2019","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2724445/231759/IEEE_ACM_10.1109_TNET.2019.2895278_preprint.pdf"},"keyword":["Policy Refinement","Security Automation"],"metadata":{"authorlinks":{"valenza, f":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&commas=true"}},"downloads":9},"bibtype":"article","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","creationDate":"2021-01-16T10:07:49.756Z","downloads":9,"keywords":["policy refinement","security automation"],"search_terms":["adding","support","automatic","enforcement","security","policies","nfv","networks","basile","valenza","lioy","lópez","perales"],"title":"Adding Support for Automatic Enforcement of Security Policies in NFV Networks","year":2019,"dataSources":["JbiX35GNqPCF3nids","csYhy47rJJgSM7jjJ"]}