Accounting for the exponential increase in security threats, the development of new defense strategies for pervasive environments is acquiring an ever-growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and smart houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, Edge Computing can provide remarkable advantages avoiding long routing detours. On the other hand, the limited capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.

One of the key objectives of 5G is to evolve the current mobile network architecture from “one-fit-all” design model to a more customized and dynamically scaling one that enables the deployment of parallel systems, tailored to the service requirements on top of a shared infrastructure. Indeed, the envisioned 5G services may require different needs in terms of capacity, latency, bandwidth, reliability and security, which cannot be efficiently sustained by the same network infrastructure. Coming to address these customization challenges, network softwarization expressed through Software Defined Networking (SDN) programmable network infrastructures, Network Function Virtualization (NFV) running network functions as software and cloud computing flexibility paradigms, is seen as a possible panacea to addressing the variations in the network requirements posed by the 5G use cases. This will enable network flexibility and programmability, allow the creation and lifecycle management of virtual network slices tailored to the needs of 5G verticals expressed in the form of Mobile Virtual Network Operators (MVNOs) for automotive, eHealth, massive IoT, massive multimedia broadband. In this vein, this paper introduces a potential 5G architecture that enables the orchestration, instantiation and management of end-to-end network slices over multiple administrative and technological domains. The architecture is described from both the management and the service perspective, underlining the common functionality as well as how the response to the diversified service requirements can be achieved through proper software network components development.

Through the concept of network slicing, a single physical network infrastructure can be split into multiple logically-independent Network Slices (NS), each of which is customized for the needs of its respective individual user or industrial vertical. In the beyond 5G (B5G) system, this customization can be done for many targeted services, including, but not limited to, 5G use cases and beyond 5G. The network slices should be optimized and customized to stitch a suitable environment for targeted industrial services and verticals. This paper proposes a novel Quality of Service (QoS) framework that optimizes and customizes the network slices to ensure the service level agreement (SLA) in terms of end-to-end reliability, delay, and bandwidth communication. The proposed framework makes use of network softwarization technologies, including software-defined networking (SDN) and network function virtualization (NFV), to preserve the SLA and ensure elasticity in managing the NS. This paper also mathematically models the end-to-end network by considering three parts: radio access network (RAN), transport network (TN), and core network (CN). The network is modeled in an abstract manner based on these three parts. Finally, we develop a prototype system to implement these algorithms using the open network operating system (ONOS) as a SDN controller. Simulations are conducted using the Mininet simulator. The results show that our QoS framework and the proposed resource allocation algorithms can effectively schedule network resources for various NS types and provide reliable E2E QoS services to end-users.