This book highlights the importance of security in the design, development and deployment of systems based on Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), together referred to as SDNFV. Presenting a comprehensive guide to the application of security mechanisms in the context of SDNFV, the content spans fundamental theory, practical solutions, and potential applications in future networks. Topics and features: Introduces the key security challenges of SDN, NFV and Cloud Computing, providing a detailed tutorial on NFV security Discusses the issue of trust in SDN/NFV environments, covering roots of trust services, and proposing a technique to evaluate trust by exploiting remote attestation Reviews a range of specific SDNFV security solutions, including a DDoS detection and remediation framework, and a security policy transition framework for SDN Describes the implementation of a virtual home gateway, and a project that combines dynamic security monitoring with big-data analytics to detect network-wide threats Examines the security implications of SDNFV in evolving and future networks, from network-based threats to Industry 4.0 machines, to the security requirements for 5G Investigates security in the Observe, Orient, Decide and Act (OODA) paradigm, and proposes a monitoring solution for a Named Data Networking (NDN) architecture Includes review questions in each chapter, to test the reader's understanding of each of the key concepts described This informative and practical volume is an essential resource for researchers interested in the potential of SDNFV systems to address a broad range of network security challenges. The work will also be of great benefit to practitioners wishing to design secure next-generation communication networks, or to develop new security-related mechanisms for SDNFV systems. Dr. Shao Ying Zhu is a Senior Lecturer in Computing at the University of Derby, UK. Dr. Sandra Scott-Hayward is a Lecturer (Assistant Professor) at Queen's University Belfast, Northern Ireland. Dr. Ludovic Jacquin is a Senior Researcher at Hewlett Packard Labs - the research organisation of Hewlett Packard Enterprise - in Bristol, UK. Prof. Richard Hill is the Head of the Department of Informatics and the Director of the Centre for Industrial Analytics at the University of Huddersfield, UK. The other publications of the editors include the Springer titles Guide to Security Assurance for Cloud Computing and Big-Data Analytics and Cloud Computing: Theory, Algorithms and Applications

Zhu, Shao Ying; Scott-Hayward, Sandra; Jacquin, Ludovic; Hill, Richard

Cham: Springer International Publishing

Springer Nature Switzerland AG

Computer communications and networks, Cham, Switzerland, 2017

Computer Communications and Networks Ser, New York, Nov. 2017

1st ed. 2017, Cham, 2017

Switzerland, Switzerland

1st ed. 2017, PS, 2017

Nov 20, 2017

Source title: Guide to Security in SDN and NFV: Challenges, Opportunities, and Applications (Computer Communications and Networks)

1 online resource (342 pages)
This book highlights the importance of security in the design, development and deployment of systems based on Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), together referred to as SDNFV. Presenting a comprehensive guide to the application of security mechanisms in the context of SDNFV, the content spans fundamental theory, practical solutions, and potential applications in future networks. Topics and features: Introduces the key security challenges of SDN, NFV and Cloud Computing, providing a detailed tutorial on NFV security Discusses the issue of trust in SDN/NFV environments, covering roots of trust services, and proposing a technique to evaluate trust by exploiting remote attestation Reviews a range of specific SDNFV security solutions, including a DDoS detection and remediation framework, and a security policy transition framework for SDN Describes the implementation of a virtual home gateway, and a project that combines dynamic security monitoring with big-data analytics to detect network-wide threats Examines the security implications of SDNFV in evolving and future networks, from network-based threats to Industry 4.0 machines, to the security requirements for 5G Investigates security in the Observe, Orient, Decide and Act (OODA) paradigm, and proposes a monitoring solution for a Named Data Networking (NDN) architecture Includes review questions in each chapter, to test the reader's understanding of each of the key concepts described This informative and practical volume is an essential resource for researchers interested in the potential of SDNFV systems to address a broad range of network security challenges. The work will also be of great benefit to practitioners wishing to design secure next-generation communication networks, or to develop new security-related mechanisms for SDNFV systems. Dr. Shao Ying Zhu is a Senior Lecturer in Computing at the University of Derby, UK. Dr. Sandra Scott-Hayward is a Lecturer (Assistant Professor) at Queen's University Belfast, Northern Ireland. Dr. Ludovic Jacquin is a Senior Researcher at Hewlett Packard Labs - the research organisation of Hewlett Packard Enterprise - in Bristol, UK. Prof. Richard Hill is the Head of the Department of Informatics and the Director of the Centre for Industrial Analytics at the University of Huddersfield, UK. The other publications of the editors include the Springer titles Guide to Security Assurance for Cloud Computing and Big-Data Analytics and Cloud Computing: Theory, Algorithms and Applications
Print version record
Foreword -- Preface -- Acknowledgement -- Contents -- Contributors -- About the Editors -- Part I Introduction to Security in SDNFV â#x80;#x93; Key Concepts -- 1 Security of Software-Defined Infrastructures with SDN, NFV, and Cloud Computing Technologies -- 1.1 Introduction -- 1.2 Defining Characteristics of Software-Defined Networking, Network Functions Virtualization, and Cloud Computing -- 1.2.1 Software-Defined Networking -- 1.2.2 Network Functions Virtualization -- 1.2.3 Cloud Computing -- 1.2.4 Virtualization -- 1.3 Security Challenges of NFV, SDN, and Cloud
1.3.1 General Security Requirements and Definitions1.3.2 NFV Security Challenges -- 1.3.3 SDN Security Challenges -- 1.3.4 Cloud Security Challenges -- 1.4 Security Challenges and Solutions for Cloud-SDN-NFV Integrated Software Infrastructure -- 1.4.1 Security of Virtualization -- 1.4.1.1 Fundamental Security Issues with Virtualization -- 1.4.1.2 Solutions and Guidance -- 1.4.2 Security by Isolation -- 1.4.2.1 Isolation Classification -- 1.4.2.2 Standard Network Security Solutions by Isolation -- 1.4.3 Security of Identity and Access Management
1.5 Case Study: Security of OpenStack Platform1.5.1 Security Challenges and Threats in OpenStack -- 1.5.2 OpenStack Security Solution Recommendation -- 1.6 Integrated Software-Defined Infrastructure Security -- 1.6.1 SDSec Concept -- 1.6.2 Software-Defined Security Service (SDS2) Architecture -- 1.6.2.1 SDS2 Controller -- 1.6.2.2 SDS2 Northbound Interface (NBI) -- 1.6.2.3 SDS2 Virtual Security Function -- 1.6.2.4 SDS2 Southbound Interface (SBI) -- 1.6.2.5 Application of SDS2 to Data Center Security -- 1.7 Summary -- 1.8 Questions -- References
2 NFV Security: Emerging Technologies and Standards2.1 Introduction -- 2.2 Threats and Opportunities -- 2.3 The Problems Identified in the ETSI NFV Security Problem Statement -- 2.3.1 Topology Validation and Enforcement -- 2.3.2 Availability of Management Support Infrastructure -- 2.3.3 Secured Boot -- 2.3.4 Secure Crash -- 2.3.5 Performance Isolation -- 2.3.6 User/Tenant Authentication, Authorization, and Accounting (AAA) -- 2.3.7 Authenticated Time Service -- 2.3.8 Private Keys within Cloned Images
2.3.9 Backdoors via Virtualized Test and Monitoring Functions2.3.10 Multi-administrator Isolation -- 2.4 Establishing and Maintaining Trust -- 2.5 Lawful Interception and the Environment for the Execution of Sensitive Components -- 2.6 Security Management and Monitoring -- 2.7 Analysis of the OpenStack Security -- 2.8 Conclusion -- 2.9 Review Questions -- References -- 3 SDN and NFV Security: Challenges for Integrated Solutions -- 3.1 Introduction -- 3.2 SDN and NFV Integration -- 3.2.1 An Integrated Architecture -- 3.2.2 Orchestration and Management in SDN/NFV
""3.3 A Survey of Proposals to Secure SDN/NFV Platforms""
Includes bibliographical references and index

Annotation This book highlights the importance of security in the design, development and deployment of systems based on Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), together referred to as SDNFV. Presenting a comprehensive guide to the application of security mechanisms in the context of SDNFV, the content spans fundamental theory, practical solutions, and potential applications in future networks. Topics and features: introduces the key security challenges of SDN, NFV and Cloud Computing, providing a detailed tutorial on NFV security; discusses the issue of trust in SDN/NFV environments, covering roots of trust services, and proposing a technique to evaluate trust by exploiting remote attestation; reviews a range of specific SDNFV security solutions, including a DDoS detection and remediation framework, and a security policy transition framework for SDN; describes the implementation of a virtual home gateway, and a project that combines dynamic security monitoring with big-data analytics to detect network-wide threats; examines the security implications of SDNFV in evolving and future networks, from network-based threats to Industry 4.0 machines, to the security requirements for 5G; investigates security in the Observe, Orient, Decide and Act (OODA) paradigm, and proposes a monitoring solution for a Named Data Networking (NDN) architecture; includes review questions in each chapter, to test the reader's understanding of each of the key concepts described. This informative and practical volume is an essential resource for researchers interested in the potential of SDNFV systems to address a broad range of network security challenges. The work will also be of great benefit to practitioners wishing to design secure next-generation communication networks, or to develop new security-related mechanisms for SDNFV systems

Computer Communications and Networks
Erscheinungsdatum: 20.11.2017

2023-06-28