Traffic flow and network security function models

With respect to traditional ones, virtualized networks enable an increased level of automation, which can be exploited to obtain network solutions that are not only more adaptive to changes, but also less prone to human errors. In this context, we are assisting at some first research attempts to exploit network virtualization to automate and optimize the allocation and configuration of network security mechanisms. However, these attempts are still quite limited compared to what could be achieved with these paradigms. One of the aspects that needs further investigation is how traffic flows and network functions can be modelled efficiently in order to forecast the behaviour of a network that may be made of different components, including stateful ones. The goal of this thesis is to study, propose and compare different network modelling approaches that could be used to solve the problem of automatically defining the allocation and configuration of security mechanisms in a virtualized network. Two different (and alternative) models for describing traffic flows and network functions have been identified and compared. Each model must enable the computation of how a packet that enters the network is forwarded and transformed when crossing the various nodes (NAT, Load balancer/VPN gateway etc). Such computation, in turn, is necessary to find the optimal placement and configuration of security functions like firewalls, on the basis of given high-level user requirements. The first approach for describing traffic flows that has been considered makes use of Atomic Predicates, a concept recently proposed by some researchers for computing network reachability. This concept has been adapted to our purposes by introducing some new substantial differences, but keeping the basic idea. Given a set of predicates (representing the IP quintuple), it is possible to compute the set of totally disjunct and minimal predicates (atomic) such that each predicate can be expressed as a disjunction of a subset of them. In other words, it is possible to split each complex predicate (for example a firewall rule, a NAT input class, a requirement source, etc) into a set of simpler and minimal atomic predicates. The second approach, instead, is based on a totally different idea that we call Maximal Flows. If with atomic predicates we try to split the traffic flows into smaller atomic flows (reaching the highest level of granularity but also a higher number of flows), with this second approach we try to do the opposite work, that is to reduce the number of generated flows, aggregating as much as possible different flows into maximal flows representative for all the ones that have been joined. All flows represented by the same maximal flow must behave in the same way when crossing the various nodes of the network, so that it is sufficient to consider the maximal flow and not each single flow that it represents. Each one of the two described models has its pros and cons, and crucial, besides the implementation, is the work of comparing performance against scalability testing, for highlighting their difference and feasibility in real scenarios. The completion of the thesis work is scheduled for July and includes a final experimental and comparative evaluation of the two proposed approaches, together with a possible implementation in Java as a contribution and extension to an already existing framework, VEREFOO.