Virtualized security at the network edge : a user-centric approach

Diego Montero, Marcelo Yannuzzi, Adrian Shaw, Ludovic Jacquin, Antonio Pastor, René Serral-Gracià, Antonio Lioy, Fulvio Risso, Cataldo Basile, Roberto Sassu, Mario Nemirovsky, Francesco Ciaccia, Michael Georgiades, Savvas Charalambides, Jarkko Kuusijärvi, Francesca Bosco

Research output: Contribution to journalArticleScientificpeer-review

19 Citations (Scopus)

Abstract

The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.
Original languageEnglish
Pages (from-to)176-186
JournalIEEE Communications Magazine
Volume53
Issue number4
DOIs
Publication statusPublished - 2015
MoE publication typeA1 Journal article-refereed

Fingerprint

Smartphones
Personal computers
Network function virtualization
Virtualization

Keywords

  • analytical models
  • network security
  • ontologies
  • security
  • uniform resource locators
  • virtualization

Cite this

Montero, D., Yannuzzi, M., Shaw, A., Jacquin, L., Pastor, A., Serral-Gracià, R., ... Bosco, F. (2015). Virtualized security at the network edge : a user-centric approach. IEEE Communications Magazine, 53(4), 176-186. https://doi.org/10.1109/MCOM.2015.7081092
Montero, Diego ; Yannuzzi, Marcelo ; Shaw, Adrian ; Jacquin, Ludovic ; Pastor, Antonio ; Serral-Gracià, René ; Lioy, Antonio ; Risso, Fulvio ; Basile, Cataldo ; Sassu, Roberto ; Nemirovsky, Mario ; Ciaccia, Francesco ; Georgiades, Michael ; Charalambides, Savvas ; Kuusijärvi, Jarkko ; Bosco, Francesca. / Virtualized security at the network edge : a user-centric approach. In: IEEE Communications Magazine. 2015 ; Vol. 53, No. 4. pp. 176-186.
@article{d1710d7010f74a20ae0abd2c0f89e6ef,
title = "Virtualized security at the network edge : a user-centric approach",
abstract = "The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.",
keywords = "analytical models, network security, ontologies, security, uniform resource locators, virtualization",
author = "Diego Montero and Marcelo Yannuzzi and Adrian Shaw and Ludovic Jacquin and Antonio Pastor and Ren{\'e} Serral-Graci{\`a} and Antonio Lioy and Fulvio Risso and Cataldo Basile and Roberto Sassu and Mario Nemirovsky and Francesco Ciaccia and Michael Georgiades and Savvas Charalambides and Jarkko Kuusij{\"a}rvi and Francesca Bosco",
year = "2015",
doi = "10.1109/MCOM.2015.7081092",
language = "English",
volume = "53",
pages = "176--186",
journal = "IEEE Communications Magazine",
issn = "0163-6804",
publisher = "IEEE Institute of Electrical and Electronic Engineers",
number = "4",

}

Montero, D, Yannuzzi, M, Shaw, A, Jacquin, L, Pastor, A, Serral-Gracià, R, Lioy, A, Risso, F, Basile, C, Sassu, R, Nemirovsky, M, Ciaccia, F, Georgiades, M, Charalambides, S, Kuusijärvi, J & Bosco, F 2015, 'Virtualized security at the network edge : a user-centric approach', IEEE Communications Magazine, vol. 53, no. 4, pp. 176-186. https://doi.org/10.1109/MCOM.2015.7081092

Virtualized security at the network edge : a user-centric approach. / Montero, Diego; Yannuzzi, Marcelo; Shaw, Adrian; Jacquin, Ludovic; Pastor, Antonio; Serral-Gracià, René; Lioy, Antonio; Risso, Fulvio; Basile, Cataldo; Sassu, Roberto; Nemirovsky, Mario; Ciaccia, Francesco; Georgiades, Michael; Charalambides, Savvas; Kuusijärvi, Jarkko; Bosco, Francesca.

In: IEEE Communications Magazine, Vol. 53, No. 4, 2015, p. 176-186.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - Virtualized security at the network edge : a user-centric approach

AU - Montero, Diego

AU - Yannuzzi, Marcelo

AU - Shaw, Adrian

AU - Jacquin, Ludovic

AU - Pastor, Antonio

AU - Serral-Gracià, René

AU - Lioy, Antonio

AU - Risso, Fulvio

AU - Basile, Cataldo

AU - Sassu, Roberto

AU - Nemirovsky, Mario

AU - Ciaccia, Francesco

AU - Georgiades, Michael

AU - Charalambides, Savvas

AU - Kuusijärvi, Jarkko

AU - Bosco, Francesca

PY - 2015

Y1 - 2015

N2 - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

AB - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

KW - analytical models

KW - network security

KW - ontologies

KW - security

KW - uniform resource locators

KW - virtualization

U2 - 10.1109/MCOM.2015.7081092

DO - 10.1109/MCOM.2015.7081092

M3 - Article

VL - 53

SP - 176

EP - 186

JO - IEEE Communications Magazine

JF - IEEE Communications Magazine

SN - 0163-6804

IS - 4

ER -

Montero D, Yannuzzi M, Shaw A, Jacquin L, Pastor A, Serral-Gracià R et al. Virtualized security at the network edge : a user-centric approach. IEEE Communications Magazine. 2015;53(4):176-186. https://doi.org/10.1109/MCOM.2015.7081092