Automatic Optimized Firewalls Orchestration and Configuration in NFV environment

Daniele Bringhenti

Automatic Optimized Firewalls Orchestration and Configuration in NFV environment.

Rel. Riccardo Sisto, Guido Marchetto, Fulvio Valenza, Jalolliddin Yusupov. Politecnico di Torino, Master of science program in Computer Engineering, 2019

Preview

PDF (Tesi_di_laurea) - Thesis
Licence: Creative Commons Attribution Non-commercial No Derivatives.
Download (9MB) | Preview

Abstract

The Network Functions Virtualization (NFV) paradigm is a novel networking technology which, by means of a decoupling between the network functions and the hardware appliances, allows software processes to be installed as service functions on general-purpose servers. Among the consequent benefits, this principle entails further agility and flexibility in the creation of a Service Graph, which is a generalization of the Service Function Chain (SFC) concept, describing how the single network functions must be organized and connected. A problem which, however, arises in the creation of a Service Graph in this scenario is that this task is typically performed by a service designer; instead, the security manager is separately in charge of the allocation and configuration of the Network Security Functions (NSFs) - such as firewalls and anti-spam filters - needed to protect the network from cybersecurity attacks.

Moreover, these operations are usually performed manually, so they are prone to human errors and the reaction latency is not negligible whenever the security defences should be updated according to different or additional security requirements