Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge

Abderrahmane BOUDI; Ivan FARRIS; Miloud BAGAA; Tarik TALEB

doi:10.1587/transcom.2018EUI0001

Open Access
Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge

Abderrahmane BOUDI, Ivan FARRIS, Miloud BAGAA, Tarik TALEB

Full Text Views

84

Cite this

Free PDF (1.9MB)

Summary :

Accounting for the exponential increase in security threats, the development of new defense strategies for pervasive environments is acquiring an ever-growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and smart houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, Edge Computing can provide remarkable advantages avoiding long routing detours. On the other hand, the limited capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.

Publication: IEICE TRANSACTIONS on Communications Vol.E102-B No.5 pp.970-977

Publication Date: 2019/05/01

Publicized: 2018/11/22

Online ISSN: 1745-1345

DOI: 10.1587/transcom.2018EUI0001

Type of Manuscript: Special Section INVITED PAPER (Special Section on European ICT R&D Project Activities on Broadband Access Technologies in Conjunction with Main Topics of 2016/2017 IEICE ICT Forum)

Category

Authors

Abderrahmane BOUDI
  Aalto University,École nationale Supérieure d'Informatique
Ivan FARRIS
  Aalto University
Miloud BAGAA
  Aalto University
Tarik TALEB
  Aalto University

Keyword

NFV, security, cloud/edge computing, IoT

Cite this

Copy

Abderrahmane BOUDI, Ivan FARRIS, Miloud BAGAA, Tarik TALEB, "Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge" in IEICE TRANSACTIONS on Communications, vol. E102-B, no. 5, pp. 970-977, May 2019, doi: 10.1587/transcom.2018EUI0001.
Abstract: Accounting for the exponential increase in security threats, the development of new defense strategies for pervasive environments is acquiring an ever-growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and smart houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, Edge Computing can provide remarkable advantages avoiding long routing detours. On the other hand, the limited capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.2018EUI0001/_p

Copy

@ARTICLE{e102-b_5_970,
author={Abderrahmane BOUDI, Ivan FARRIS, Miloud BAGAA, Tarik TALEB, },
journal={IEICE TRANSACTIONS on Communications},
title={Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge},
year={2019},
volume={E102-B},
number={5},
pages={970-977},
abstract={Accounting for the exponential increase in security threats, the development of new defense strategies for pervasive environments is acquiring an ever-growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and smart houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, Edge Computing can provide remarkable advantages avoiding long routing detours. On the other hand, the limited capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.},
keywords={},
doi={10.1587/transcom.2018EUI0001},
ISSN={1745-1345},
month={May},}

Copy

TY - JOUR
TI - Assessing Lightweight Virtualization for Security-as-a-Service at the Network Edge
T2 - IEICE TRANSACTIONS on Communications
SP - 970
EP - 977
AU - Abderrahmane BOUDI
AU - Ivan FARRIS
AU - Miloud BAGAA
AU - Tarik TALEB
PY - 2019
DO - 10.1587/transcom.2018EUI0001
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E102-B
IS - 5
JA - IEICE TRANSACTIONS on Communications
Y1 - May 2019
AB - Accounting for the exponential increase in security threats, the development of new defense strategies for pervasive environments is acquiring an ever-growing importance. The expected avalanche of heterogeneous IoT devices which will populate our industrial factories and smart houses will increase the complexity of managing security requirements in a comprehensive way. To this aim, cloud-based security services are gaining notable impetus to provide security mechanisms according to Security-as-a-Service (SECaaS) model. However, the deployment of security applications in remote cloud data-centers can introduce several drawbacks in terms of traffic overhead and latency increase. To cope with this, Edge Computing can provide remarkable advantages avoiding long routing detours. On the other hand, the limited capabilities of edge node introduce potential constraints in the overall management. This paper focuses on the provisioning of virtualized security services in resource-constrained edge nodes by leveraging lightweight virtualization technologies. Our analysis aims at shedding light on the feasibility of container-based security solutions, thus providing useful guidelines towards the orchestration of security at the edge. Our experiments show that the overhead introduced by the containerization is very light.
ER -