Iordache-Sica, Mircea-Mihai (2022) Context-based security function orchestration for the network edge. PhD thesis, University of Glasgow.
Full text available as:
PDF
Download (1MB) |
Abstract
Over the last few years the number of interconnected devices has increased dramatically, generating zettabytes of traffic each year. In order to cater to the requirements of end-users, operators have deployed network services to enhance their infrastructure. Nowadays, telecommunications service providers are making use of virtualised, flexible, and cost-effective network-wide services, under what is known as Network Function Virtualisation (NFV). Future network and application requirements necessitate services to be delivered at the edge of the network, in close proximity to end-users, which has the potential to reduce end-to-end latency and minimise the utilisation of the core infrastructure while providing flexible allocation of resources. One class of functionality that NFV facilitates is the rapid deployment of network security services. However, the urgency for assuring connectivity to an ever increasing number of devices as well as their resource-constrained nature, has led to neglecting security principles and best practices. These low-cost devices are often exploited for malicious purposes in targeting the network infrastructure, with recent volumetric Distributed Denial of Service (DDoS) attacks often surpassing 1 terabyte per second of network traffic.
The work presented in this thesis aims to identify the unique requirements of security modules implemented as Virtual Network Functions (VNFs), and the associated challenges in providing management and orchestration of complex chains consisting of multiple VNFs The work presented here focuses on deployment, placement, and lifecycle management of microservice-based security VNFs in resource-constrained environments using contextual information on device behaviour. Furthermore, the thesis presents a formulation of the latency-optimal placement of service chains at the network edge, provides an optimal solution using Integer Linear Programming, and an associated near-optimal heuristic solution that is able to solve larger-size problems in reduced time, which can be used in conjunction with context-based security paradigms.
The results of this work demonstrate that lightweight security VNFs can be tailored for, and hosted on, a variety of devices, including commodity resource-constrained systems found in edge networks. Furthermore, using a context-based implementation of the management and orchestration of lightweight services enables the deployment of real-world complex security service chains tailored towards the user’s performance demands from the network. Finally, the results of this work show that on-path placement of service chains reduces the end-to-end latency and minimise the number of service-level agreement violations, therefore enabling secure use of latency-critical networks.
Item Type: | Thesis (PhD) |
---|---|
Qualification Level: | Doctoral |
Colleges/Schools: | College of Science and Engineering > School of Computing Science |
Supervisor's Name: | Pezaros, Professor Dimitrios |
Date of Award: | 2022 |
Depositing User: | Theses Team |
Unique ID: | glathesis:2022-82853 |
Copyright: | Copyright of this thesis is held by the author. |
Date Deposited: | 06 May 2022 09:30 |
Last Modified: | 06 May 2022 09:30 |
Thesis DOI: | 10.5525/gla.thesis.82853 |
URI: | https://theses.gla.ac.uk/id/eprint/82853 |
Related URLs: |
Actions (login required)
View Item |
Downloads
Downloads per month over past year