A SDN and NFV use-case: NDN implementation and security monitoring - Archive ouverte HAL Accéder directement au contenu
Chapitre D'ouvrage Année : 2017

A SDN and NFV use-case: NDN implementation and security monitoring

Résumé

Combining NFV fast service deployment and SDN fine grained control of data flows allows comprehensive network security monitoring. The DOCTOR architecture 2 allows detecting, assessing and remediating attacks. DOCTOR is an ANR funded project designing a NFV platform enabling to securely deploy virtual network functions. The project relies on open-source technologies providing a platform on top of which a Named Data Networking architecture (NDN [2]) is implemented. NDN is an example of application made possible by SDN and NFV coexistence, since hardware implementation would be too expansive. We show how NDN routers can be implemented and managed as VNFs. Security monitoring of the DOCTOR architecture is performed at two levels. First, host-level monitoring, provided by CyberCAPTOR, uses an attack graph approach based on network topology knowledge. It then suggests remediations to cut attack paths. We show how our monitoring tool integrates SDN and NFV specificities and how SDN and NFV make security monitoring more efficient. Then, application level monitoring relies on the MMT probe. It monitors NDN-specific metrics from inside the VNFs and a central component can detect attack patterns corresponding to known flaws of the NDN protocol. These attacks are fed to the CyberCAPTOR module to integrate NDN attacks in attack graphs.
Fichier principal
Vignette du fichier
Book_Chapter_CCN-NDN_over_SDN_NFV.pdf (813.76 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01652639 , version 1 (30-11-2017)

Identifiants

  • HAL Id : hal-01652639 , version 1

Citer

Théo Combe, Wissam Mallouli, Thibault Cholez, Guillaume Doyen, Bertrand Mathieu, et al.. A SDN and NFV use-case: NDN implementation and security monitoring. Guide to Security in SDN and NFV, Springer, 2017, Computer Communications and Networks book series (CCN). ⟨hal-01652639⟩
482 Consultations
1110 Téléchargements

Partager

Gmail Facebook X LinkedIn More