Presentation is loading. Please wait.

Presentation is loading. Please wait.

Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston,

Published bySusanna Ferguson Modified over 8 years ago

Similar presentations

Presentation on theme: "Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston,"— Presentation transcript:

1 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston, Olivier Bettan, Franc ̧ ois-Xavier Aguessy, Thibault Cholez, Abdelkader Lahmadi, Patrick Truong, Edgardo Montes de Oca 21/05/2015

2 Context and Problem statement  Deploying new network equipment is costly  Deployment only if secure and manageable  Cost Reduction, Hardware Mutualisation, Energy Consumption Network Function Virtualization Software Defined Networking  New networking architecture & solutions for better data delivery and optimal use of network resources NDN : Named Data Networking  Deployment of new network functions and protocols in a virtualized networking environment (NDN Use case) Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment 2

3 Outline  Introduction to NDN  Network architecture  Monitoring solution  Proactive and Reactive Security Mechanisms  Conclusion and Next steps 3 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

4 Named Data Networking  Novel networking protocol Information-Centric Networking architecture Names are hierarchical  Two types of NDN packets: Interest Data  Designed for Caching Multicasting Mobility Multipath Data integrity and authentication… 4 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

5 NDN Network exchange example 5 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

6 Network Architecture 6 Testbed ICDTestbed Loria NDN/HTTP Gateway HTTP Clients Internet HTTP Servers NDN network HTTP/NDN Gateway Proactive security Reactive security

7 Monitoring solution  MMT : Montimage Monitoring Tool Network capture probe for traffic analysis  3 possibilities  Host-based protection on each Virtualized Network Function Better detections than network-based Better performances than Virtual Machine introspection Distribution of the power and memory requirements Can be configured to monitor exactly what is needed for the VNF 7 Network-basedVirtual Machine introspection Host-based Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

8 Monitoring distributed architecture  Managed via Software Defined Networking Creation of a monitoring application Distributed collection of information Centralized decision point (controller)  Communication of probes via P2P for local decisions 8 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

9 Proactive Security Mechanisms  Risk analysis based on attack graphs Benefits from the SDN to get up-to-date topological information Integration of the attacks specific to NDN (ex: cache poisoning, interest flooding attack…) Describes how a localized attack can propagate in the network  Remediation strategy 9 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

10 Reactive Security Mechanisms  Generation of attack patterns from attack paths To deduce the characteristics of traffic, caches or forwarding tables Allow to configure the monitoring probes  Integration of MMT with attack graphs Dynamic risk assessment Detections with prior-knowledge  Countermeasures on the virtualized infrastructure To stop or mitigate the currently happening attacks Eg. Configure/deploy a virtualized firewall, or Intrusion Detection System 10 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

11 Conclusion and Next steps  Modular monitoring architecture for virtualized infrastructure.  Makes possible secure deployment of new protocols.  Can be applied for migration from IP to NDN.  Current/Future steps: Implementation of the two testbeds. Virtualized network functions of NDN. Integration of the MMT probe into containers. Evaluation on testbeds of this monitoring solution. 11 Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

12 Questions ?  Join us to keep updated http://doctor-project.org/ 12 https://www.facebook.com/ProjectDoctor https://www.linkedin.com/groups/DOCTOR -project-8240374 https://twitter.com/DOCTORprojectFR Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

Download ppt "Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston,"

Similar presentations

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
L. Alchaal & al. Page 1 2002 Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.

L. Alchaal & al. Page Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.
NDN in Local Area Networks Junxiao Shi The University of Arizona 2014-09-04 1.

NDN in Local Area Networks Junxiao Shi The University of Arizona
Information Networking Security and Assurance Lab National Chung Cheng University Network Security (I) 授課老師 : 鄭伯炤 Office: Dept. of Communication Rm #112.

Information Networking Security and Assurance Lab National Chung Cheng University Network Security (I) 授課老師 : 鄭伯炤 Office: Dept. of Communication Rm #112.
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Arsitektur Jaringan Terkini

Arsitektur Jaringan Terkini
Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Study of the Relationship between Peer-to-Peer Systems and IP Multicasting T. Oh-ishi, K. Sakai, K. Kikuma, and A. Kurokawa NTT Network Service Systems.

Study of the Relationship between Peer-to-Peer Systems and IP Multicasting T. Oh-ishi, K. Sakai, K. Kikuma, and A. Kurokawa NTT Network Service Systems.
The DOCTOR Project DeplOyment and seCurisaTion of new functiOnalities in virtualized networking enviRonnements François-Xavier Aguessy – Thales Bertrand.

The DOCTOR Project DeplOyment and seCurisaTion of new functiOnalities in virtualized networking enviRonnements François-Xavier Aguessy – Thales Bertrand.
Draft-li-rtgwg-cc-igp-arch-00IETF 88 RTGWG1 An Architecture of Central Controlled Interior Gateway Protocol (IGP) draft-li-rtgwg-cc-igp-arch-00 Zhenbin.

Draft-li-rtgwg-cc-igp-arch-00IETF 88 RTGWG1 An Architecture of Central Controlled Interior Gateway Protocol (IGP) draft-li-rtgwg-cc-igp-arch-00 Zhenbin.
NETWORK SECURITY.

NETWORK SECURITY.
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support

Similar presentations

Ads by Google