Enforcement of global security policies in federated cloud networks with virtual network functions

Title: Enforcement of global security policies in federated cloud networks with virtual network functions
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Massonet, P., Dupont, S., Michot, A., Levin, A., Villari, M.
Conference Name: 2016 IEEE 15th International Symposium on Network Computing and Applications (NCA)
Date Published: Oct
ISBN Number: 978-1-5090-3216-7
Keywords: application program interfaces, cloud computing, Collaboration, Communication networks, Encryption, federated cloud network, global security policy enforcement, governance, Government, IP networks, network function virtualization, network security function, OpenStack cloud platform, policy, policy-based governance, pubcrawl, security of data, security policies, service function chaining API, software architecture, system architecture, Trusted Computing, untrusted cloud, Virtual machining, virtual network function, virtualisation, VNF

Federated cloud networks are formed by federating virtual network segments from different clouds, e.g. in a hybrid cloud, into a single federated network. Such networks should be protected with a global federated cloud network security policy. The availability of network function virtualisation and service function chaining in cloud platforms offers an opportunity for implementing and enforcing global federated cloud network security policies. In this paper we describe an approach for enforcing global security policies in federated cloud networks. The approach relies on a service manifest that specifies the global network security policy. From this manifest, configurations of the security functions for the different clouds of the federation are generated. This enables automated deployment and configuration of network security functions across the different clouds. The approach is illustrated with a case study where communications between trusted and untrusted clouds, e.g. public clouds, are encrypted. The paper discusses future work on implementing this architecture for the OpenStack cloud platform with the service function chaining API.

Citation Key: massonet_enforcement_2016