2016 IEEE Symposium on Computers and Communication (ISCC) (2016)
June 27, 2016 to June 30, 2016
Philippe Massonet , CETIC Research Center, Charleroi, Belgium
Sebastien Dupont , CETIC Research Center, Charleroi, Belgium
Arnaud Michot , CETIC Research Center, Charleroi, Belgium
Anna Levin , IBM Research Lab, Haifa, Israel
Massimo Villari , University of Messina, Italy
Capacity, availability or resilience of clouds can be increased by interconnecting two or more cloud computing environments to form a cloud federation and share resources. Shared resources include compute and storage resources but also networking resources. By integrating software defined networks/ virtual networks (SDN), network function virtualization (NFV) and network function chaining (SFC) technologies into cloud management platforms it is possible to create more advanced and flexible cloud federation mechanisms. In this paper we show how to secure federated cloud networks and how to customise the security of each individual federated cloud network running in a cloud federation. We propose an architecture for securing federated cloud networks by enforcing a global security policy to all network segments of a federation, and local security policies on each network of the federation. Cloud stakeholders can specify the required security virtual network functions (VNF), how to configure them, and how to chain them in a service manifest. The proposed architecture is illustrated with a deep packet inspection case study. Future work on implementing the proposed architecture in an OpenStack federation is briefly discussed.
Cloud computing, Security, Communication networks, Computer architecture, Protocols, Frequency modulation, Heating
P. Massonet, S. Dupont, A. Michot, A. Levin and M. Villari, "An architecture for securing federated cloud networks with Service Function Chaining," 2016 IEEE Symposium on Computers and Communication (ISCC), Messina, Italy, 2016, pp. 38-43.