This book highlights the importance of security in the design, development and deployment of systems based on Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), together referred to as SDNFV. Presenting a comprehensive guide to the application of security mechanisms in the context of SDNFV, the content spans fundamental theory, practical solutions, and potential applications in future networks. Topics and features: introduces the key security challenges of SDN, NFV and Cloud Computing, providing a detailed tutorial on NFV security; discusses the issue of trust in SDN/NFV environments, covering roots of trust services, and proposing a technique to evaluate trust by exploiting remote attestation; reviews a range of specific SDNFV security solutions, including a DDoS detection and remediation framework, and a security policy transition framework for SDN; describes the implementation of a virtual home gateway, and a project that combines dynamic security monitoring with big-data analytics to detect network-wide threats; examines the security implications of SDNFV in evolving and future networks, from network-based threats to Industry 4.0 machines, to the security requirements for 5G; investigates security in the Observe, Orient, Decide and Act (OODA) paradigm, and proposes a monitoring solution for a Named Data Networking (NDN) architecture; includes review questions in each chapter, to test the reader’s understanding of each of the key concepts described. This informative and practical volume is an essential resource for researchers interested in the potential of SDNFV systems to address a broad range of network security challenges. The work will also be of great benefit to practitioners wishing to design secure next-generation communication networks, or to develop new security-related mechanisms for SDNFV systems.

This book provides security analyses of several Software Defined Networking (SDN) and Network Functions Virtualization (NFV) applications using Microsoft’s threat modeling framework STRIDE. Before deploying new technologies in the production environment, their security aspects must be considered. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two new technologies used to increase e.g. the manageability, security and flexibility of enterprise/production/cloud IT environments. Also featuring a wealth of diagrams to help illustrate the concepts discussed, the book is ideally suited as a guide for all IT security professionals, engineers, and researchers who need IT security recommendations on deploying SDN and NFV technologies.

A Visual Guide to Understanding Software Defined Networks and Network Function Virtualization The simple, visual, at-a-glance guide to SDN and NFV: Core concepts, business drivers, key technologies, and more! SDN (Software Defined Networks) and NFV (Network Function Virtualization) are today’s hottest areas of networking. Many executives, investors, sales professionals, and marketers need a solid working understanding of these technologies, but most books on the subject are written specifically for network engineers and other technical experts. SDN and NFV Simplified fills that gap, offering highly visual, “at-a-glance” explanations of SDN, NFV, and their underlying virtualizations. Built around an illustrated, story-telling approach, this answers the questions: Why does this technology matter? How does it work? Where is it used? What problems does it solve? Through easy, whiteboard-style infographics, you’ll learn: how virtualization enables SDN and NFV; how datacenters are virtualized through clouds; how networks can also be virtualized; and how to maximize security, visibility, and Quality of Experience in tomorrow’s fully-virtualized environments. Step by step, you’ll discover why SDN and NFV technologies are completely redefining both enterprise and carrier networks, and driving the most dramatic technology migration since IP networking. That’s not all: You’ll learn all you need to help lead this transformation. Learn how virtualization establishes the foundation for SDN and NFV Review the benefits of VMs, the role of hypervisors, and the management of virtual resources Discover how cloud technologies enable datacenter virtualization Understand the roles of networking gear in virtualized datacenters See VMWare VMotion and VXLAN at work in the virtualized datacenter Understand multitenancy and the challenges of “communal living” Learn how core network functions and appliances can be virtualized Ensure performance and scalability in virtualized networks Compare modern approaches to network virtualization, including OpenFlow, VMWare Nicera, Cisco Inseieme, and OpenStack Walk through the business case for SDN, NFV, and the Cloud Discover how the Software Defined Network (SDN) solves problems previously left unaddressed Understand SDN controllers–and who’s fighting to control your network Use SDN and NFV to improve integration and say goodbye to “truck rolls” Enforce security, avoid data leakage, and protect assets through encryption Provide for effective monitoring and consistent Quality of Experience (QoE) Learn how SDN and NFV will affect you–and what’s next

Software-defined network (SDN) and network function virtualization (NFV) are two technology trends that have revolutionized network management, particularly in highly distributed networks that are used in public, private, or hybrid cloud services. SDN and NFV technologies, when combined, simplify the deployment of network resources, lower capital and operating expenses, and offer greater network flexibility. The increasing usage of NFV is one of the primary factors that make SDN adoption attractive. The integration of these two technologies; SDN and NFV, offer a complementary service, with NFV delivering many of the real services controlled in an SDN. While SDN is focused on the control plane, NFV optimizes the actual network services that manage the data flows. Devices such as routers, firewalls, and VPN terminators are replaced with virtual devices that run on commodity hardware in NFV physical networking. This resembles the 'as-a-service' typical model of cloud services in many aspects. These virtual devices can be accessed on-demand by communication, network, or data center providers.This book illustrates the fundamentals and evolution of SDN and NFV and highlights how these two technologies can be integrated to solve traditional networking problems. In addition, it will focus on the utilization of SDN and NFV to enhance network security, which will open ways to integrate them with current technologies such as IoT, edge computing and blockchain, SDN-based network programmability, and current network orchestration technologies. The basics of SDN and NFV and associated issues, challenges, technological advancements along with advantages and risks of shifting networking paradigm towards SDN are also discussed. Detailed exercises within the book and corresponding solutions are available online as accompanying supplementary material.

The first comprehensive guide to the design and implementation of security in 5G wireless networks and devices Security models for 3G and 4G networks based on Universal SIM cards worked very well. But they are not fully applicable to the unique security requirements of 5G networks. 5G will face additional challenges due to increased user privacy concerns, new trust and service models and requirements to support IoT and mission-critical applications. While multiple books already exist on 5G, this is the first to focus exclusively on security for the emerging 5G ecosystem. 5G networks are not only expected to be faster, but provide a backbone for many new services, such as IoT and the Industrial Internet. Those services will provide connectivity for everything from autonomous cars and UAVs to remote health monitoring through body-attached sensors, smart logistics through item tracking to remote diagnostics and preventive maintenance of equipment. Most services will be integrated with Cloud computing and novel concepts, such as mobile edge computing, which will require smooth and transparent communications between user devices, data centers and operator networks. Featuring contributions from an international team of experts at the forefront of 5G system design and security, this book: Provides priceless insights into the current and future threats to mobile networks and mechanisms to protect it Covers critical lifecycle functions and stages of 5G security and how to build an effective security architecture for 5G based mobile networks Addresses mobile network security based on network-centricity, device-centricity, information-centricity and people-centricity views Explores security considerations for all relative stakeholders of mobile networks, including mobile network operators, mobile network virtual operators, mobile users, wireless users, Internet-of things, and cybersecurity experts Providing a comprehensive guide to state-of-the-art in 5G security theory and practice, A Comprehensive Guide to 5G Security is an important working resource for researchers, engineers and business professionals working on 5G development and deployment.

Discusses virtual network security concepts Considers proactive security using moving target defense Reviews attack representation models based on attack graphs and attack trees Examines service function chaining in virtual networks with security considerations Recognizes machine learning and AI in network security

The two-volume set, LNCS 11098 and LNCS 11099 constitutes the refereed proceedings of the 23nd European Symposium on Research in Computer Security, ESORICS 2018, held in Barcelona, Spain, in September 2018. The 56 revised full papers presented were carefully reviewed and selected from 283 submissions. The papers address issues such as software security, blockchain and machine learning, hardware security, attacks, malware and vulnerabilities, protocol security, privacy, CPS and IoT security, mobile security, database and web security, cloud security, applied crypto, multi-party computation, SDN security.

This authoritative volume presents a comprehensive guide to the evaluation and design of networked systems with improved disaster resilience. The text offers enlightening perspectives on issues relating to all major failure scenarios, including natural disasters, disruptions caused by adverse weather conditions, massive technology-related failures, and malicious human activities. Topics and features: describes methods and models for the analysis and evaluation of disaster-resilient communication networks; examines techniques for the design and enhancement of disaster-resilient systems; provides a range of schemes and algorithms for resilient systems; reviews various advanced topics relating to resilient communication systems; presents insights from an international selection of more than 100 expert researchers working across the academic, industrial, and governmental sectors. This practically-focused monograph, providing invaluable support on topics of resilient networking equipment and software, is an essential reference for network professionals including network and networked systems operators, networking equipment vendors, providers of essential services, and regulators. The work can also serve as a supplementary textbook for graduate and PhD courses on networked systems resilience.

The software and networking industry is experiencing a rapid development and deployment of Network Functions Visualization (NFV) technology, in both enterprise and cloud data center networks. One of the primary reasons for this technological trend is that NFV has the capability to reduce CAPEX and OPEX, whilst increasing networking service efficiency, performance, agility, scalability, and resource utilization. Despite such well-recognized benefits, security remains a major concern of network service providers and seriously impedes the further expansion of NFV. This book is therefore dedicated to investigating and exploring the potential security issues of NFV. It contains three major elements: a thorough overview of the NFV framework and architecture, a comprehensive threat analysis aiming to establish a layer-specific threat taxonomy for NFV enabled networking services, and a series of comparative studies of security best practices in traditional networking scenarios and in NFV, ultimately leading to a set of recommendations on security countermeasures in NFV. This book is primarily intended for engineers, engineering students and researchers and those with an interest in the field of networks and telecommunications (architectures, protocols, services) in general, and particularly software-defined network (SDN) and network functions virtualization (NFV)-based security services. - Extensively studies security issues in NFV - Presents a basis or guideline for both academia researchers and industry practitioners to work together to achieve secure and dependable lifecycle management of NFV based network services

This thesis is intended to explore security issues in the virtualized and software-defined world, and starts with two important hypotheses: (1) SDN and NFV offer plenty of opportunities for us to rethink security management in the new networking paradigms; (2) both legacy and new security threats and vulnerabilities in NFV/SDN enabled environments need to be sufficiently addressed in order to pave the way for their further development and deployment. To validate the hypotheses, we carry out an in-depth study on NFV/SDN from security perspective, including its architecture, management and orchestration (MANO) framework, and use cases, leading to two major contributions, (1) a security management and orchestration framework (called SecMANO) based on NFV MANO, which has the potential to manage a set of policy-driven security mechanisms, such as access control, IDS/IPS, network isolation, data protection; (2) a comprehensive threat analysis on five NFV use cases and the state-of-the-art security countermeasures, resulting in a NFV layer-specific threat taxonomy and a set of security recommendations on securing NFV based services.We believe that both of the two contributions lay down a foundation for security research in NFV/SDN domain. In particular, based on the two contributions, we further develop a security orchestrator as an extension of available NFV orchestrator, with an objective to enabling the basic security functions to be effectively orchestrated and provided as on-demand services to the customers, meanwhile allowing high-level security policies to be specified and enforced in a dynamic and flexible way. Specifically, a software-defined access control paradigm is implemented and prototyped with OpenStack and Tacker (a NFV orchestrator using TOSCA model), which allows the security administrators to dynamically customize the access control models and policies for different tenant domains, eventually achieving flexible and scalable protection across different layers and multiple cloud data centers. Both prototype of concept and real-life experiments on testbed have been carried out, clearly demonstrating the feasibility and effectiveness of our security orchestrator.In addition, as our NFV cross-layer threat taxonomy indicates, a large set of novel threats will be introduced, among which VNF (Virtualized Network Function) is a unique and important asset that deserves careful protection. The fourth contribution of this thesis is therefore devoted to achieving secure and dependable SFC (Service Function Chaining) in NFV and SDN environment. Specifically, an identity-based ordered multisignature scheme called SecSFC is designed and applied to ensure that, (1) each service function involved in a particular service chain is authenticated and legitimate; (2) all the service functions are chained in a consistent, optimal, and reliable way, meeting with the pre-defined high-level specifications like VNF Forwarding Graph. Both theoretical security analysis and experimental results demonstrate that our scheme can effectively defend against a large set of destructive attacks like rule modification and topology tempering, moving an important step towards secure and dependable SFC. Importantly, the signature construction and validation process is lightweight, generating compact and constant-size keys and signatures, thereby only incurring minimal computational overhead and latency.