Introducing programmability and automation in the synthesis of virtual firewall rules

2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI:10.1109/NetSoft48620.2020.9165434

Daniele Bringhenti, G. Marchetto, R. Sisto, Fulvio Valenza, Jalolliddin Yusupov

{"title":"Introducing programmability and automation in the synthesis of virtual firewall rules","authors":"Daniele Bringhenti, G. Marchetto, R. Sisto, Fulvio Valenza, Jalolliddin Yusupov","doi":"10.1109/NetSoft48620.2020.9165434","DOIUrl":null,"url":null,"abstract":"The rise of new forms of cyber-threats is mostly due to the extensive use of virtualization paradigms and the increasing adoption of automation in the software life-cycle. To address these challenges we propose an innovative framework that leverages the intrinsic programmability of the cloud and software-defined infrastructures to improve the effectiveness and efficiency of reaction mechanisms. In this paper, we present our contributions with a demonstrative use case in the context of Kubernetes. By means of this framework, developers of cybersecurity appliances will not have any more to care about how to react to events or to struggle to define any possible security tasks at design time. In addition, automatic firewall ruleset generation provided by our framework will mostly avoid human intervention, hence decreasing the time to carry out them and the likelihood of errors. We focus our discussions on technical challenges: definition of common actions at the policy level and their translation into configurations for the heterogeneous set of security functions by means of a use case.","PeriodicalId":239961,"journal":{"name":"2020 6th IEEE Conference on Network Softwarization (NetSoft)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 6th IEEE Conference on Network Softwarization (NetSoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NetSoft48620.2020.9165434","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

The rise of new forms of cyber-threats is mostly due to the extensive use of virtualization paradigms and the increasing adoption of automation in the software life-cycle. To address these challenges we propose an innovative framework that leverages the intrinsic programmability of the cloud and software-defined infrastructures to improve the effectiveness and efficiency of reaction mechanisms. In this paper, we present our contributions with a demonstrative use case in the context of Kubernetes. By means of this framework, developers of cybersecurity appliances will not have any more to care about how to react to events or to struggle to define any possible security tasks at design time. In addition, automatic firewall ruleset generation provided by our framework will mostly avoid human intervention, hence decreasing the time to carry out them and the likelihood of errors. We focus our discussions on technical challenges: definition of common actions at the policy level and their translation into configurations for the heterogeneous set of security functions by means of a use case.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

在虚拟防火墙规则的合成中引入可编程性和自动化

新形式的网络威胁的兴起主要是由于虚拟化范例的广泛使用以及在软件生命周期中越来越多地采用自动化。为了应对这些挑战，我们提出了一个创新的框架，利用云和软件定义的基础设施的内在可编程性来提高反应机制的有效性和效率。在本文中，我们通过Kubernetes环境中的一个示范用例来展示我们的贡献。通过这个框架，网络安全设备的开发人员将不必再关心如何对事件做出反应，也不必在设计时努力定义任何可能的安全任务。此外，我们的框架提供的自动防火墙规则集生成将在很大程度上避免人为干预，因此减少了执行它们的时间和出错的可能性。我们将讨论重点放在技术挑战上:在策略级别定义公共操作，并通过用例将其转换为异构安全功能集的配置。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2020 6th IEEE Conference on Network Softwarization (NetSoft)

自引率

0.00%

发文量