A SDN and NFV use-case: NDN implementation and security monitoring

Abstract : Combining NFV fast service deployment and SDN fine grained control of data flows allows comprehensive network security monitoring. The DOCTOR architecture 2 allows detecting, assessing and remediating attacks. DOCTOR is an ANR funded project designing a NFV platform enabling to securely deploy virtual network functions. The project relies on open-source technologies providing a platform on top of which a Named Data Networking architecture (NDN [2]) is implemented. NDN is an example of application made possible by SDN and NFV coexistence, since hardware implementation would be too expansive. We show how NDN routers can be implemented and managed as VNFs. Security monitoring of the DOCTOR architecture is performed at two levels. First, host-level monitoring, provided by CyberCAPTOR, uses an attack graph approach based on network topology knowledge. It then suggests remediations to cut attack paths. We show how our monitoring tool integrates SDN and NFV specificities and how SDN and NFV make security monitoring more efficient. Then, application level monitoring relies on the MMT probe. It monitors NDN-specific metrics from inside the VNFs and a central component can detect attack patterns corresponding to known flaws of the NDN protocol. These attacks are fed to the CyberCAPTOR module to integrate NDN attacks in attack graphs.
Type de document :
Chapitre d'ouvrage
Guide to Security in SDN and NFV, Springer, 2017, Computer Communications and Networks book series (CCN)
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01652639
Contributeur : Thibault Cholez <>
Soumis le : jeudi 30 novembre 2017 - 14:54:05
Dernière modification le : mardi 27 février 2018 - 14:40:04

Fichier

Book_Chapter_CCN-NDN_over_SDN_...
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01652639, version 1

Citation

Théo Combe, Wissam Mallouli, Thibault Cholez, Guillaume Doyen, Bertrand Mathieu, et al.. A SDN and NFV use-case: NDN implementation and security monitoring. Guide to Security in SDN and NFV, Springer, 2017, Computer Communications and Networks book series (CCN). 〈hal-01652639〉

Partager

Métriques

Consultations de la notice

583

Téléchargements de fichiers

498