TY - JOUR
T1 - Virtualized security at the network edge : a user-centric approach
AU - Montero, Diego
AU - Yannuzzi, Marcelo
AU - Shaw, Adrian
AU - Jacquin, Ludovic
AU - Pastor, Antonio
AU - Serral-Gracià, René
AU - Lioy, Antonio
AU - Risso, Fulvio
AU - Basile, Cataldo
AU - Sassu, Roberto
AU - Nemirovsky, Mario
AU - Ciaccia, Francesco
AU - Georgiades, Michael
AU - Charalambides, Savvas
AU - Kuusijärvi, Jarkko
AU - Bosco, Francesca
PY - 2015
Y1 - 2015
N2 - The current device-centric protection model against
security threats has serious limitations. On one hand,
the proliferation of user terminals such as smartphones,
tablets, notebooks, smart TVs, game consoles, and desktop
computers makes it extremely difficult to achieve the
same level of protection regardless of the device used.
On the other hand, when various users share devices
(e.g., parents and kids using the same devices at home),
the setup of distinct security profiles, policies, and
protection rules for the different users of a terminal is
far from trivial. In light of this, this article
advocates for a paradigm shift in user protection. In our
model, protection is decoupled from users' terminals, and
it is provided by the access network through a trusted
virtual domain. Each trusted virtual domain provides
unified and homogeneous security for a single user
irrespective of the terminal employed. We describe a
user-centric model where nontechnically savvy users can
define their own profiles and protection rules in an
intuitive way. We show that our model can harness the
virtualization power offered by next-generation access
networks, especially from network functions
virtualization in the points of presence at the edge of
telecom operators. We also analyze the distinctive
features of our model, and the challenges faced based on
the experience gained in the development of a proof of
concept.
KW - analytical models
KW - network security
KW - ontologies
KW - security
KW - uniform resource locators
KW - virtualization
U2 - 10.1109/MCOM.2015.7081092
DO - 10.1109/MCOM.2015.7081092
M3 - Article
SN - 0163-6804
VL - 53
SP - 176
EP - 186
JO - IEEE Communications Magazine
JF - IEEE Communications Magazine
IS - 4
ER -