Virtualized security at the network edge : a user-centric approach

Diego Montero, Marcelo Yannuzzi, Adrian Shaw, Ludovic Jacquin, Antonio Pastor, René Serral-Gracià, Antonio Lioy, Fulvio Risso, Cataldo Basile, Roberto Sassu, Mario Nemirovsky, Francesco Ciaccia, Michael Georgiades, Savvas Charalambides, Jarkko Kuusijärvi, Francesca Bosco

    Research output: Contribution to journal › Article › Scientific › peer-review

    19 Citations (Scopus)

    Abstract

    The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.
    Original language: English
    Pages (from-to): 176-186
    Journal: IEEE Communications Magazine
    Volume: 53
    Issue number: 4
    DOI: https://doi.org/10.1109/MCOM.2015.7081092
    Publication status: Published - 2015
    MoE publication type: A1 Journal article-refereed

    Fingerprint

    Smartphones
    Personal computers
    Network function virtualization
    Virtualization

    Keywords

    • analytical models
    • network security
    • ontologies
    • security
    • uniform resource locators
    • virtualization

    Cite this

    Montero, D., Yannuzzi, M., Shaw, A., Jacquin, L., Pastor, A., Serral-Gracià, R., ... Bosco, F. (2015). Virtualized security at the network edge : a user-centric approach. IEEE Communications Magazine, 53(4), 176-186. https://doi.org/10.1109/MCOM.2015.7081092
    @article{d1710d7010f74a20ae0abd2c0f89e6ef,
    title = "Virtualized security at the network edge : a user-centric approach",
    keywords = "analytical models, network security, ontologies, security, uniform resource locators, virtualization",
    author = "Diego Montero and Marcelo Yannuzzi and Adrian Shaw and Ludovic Jacquin and Antonio Pastor and Ren{\'e} Serral-Graci{\`a} and Antonio Lioy and Fulvio Risso and Cataldo Basile and Roberto Sassu and Mario Nemirovsky and Francesco Ciaccia and Michael Georgiades and Savvas Charalambides and Jarkko Kuusij{\"a}rvi and Francesca Bosco",
    year = "2015",
    doi = "10.1109/MCOM.2015.7081092",
    language = "English",
    volume = "53",
    pages = "176--186",
    journal = "IEEE Communications Magazine",
    issn = "0163-6804",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    number = "4",

    }
