Virtualized Security at the Network Edge: A User-Centric Approach

Diego Montero; Marcelo Yannuzzi; Adrian Shaw; Ludovic Jacquin; Antonio Pastor; René Serral-Gracià; Antonio Lioy; Fulvio Risso; Cataldo Basile; Roberto Sassu; Mario Nemirovsky; Francesco Ciaccia; Michael Georgiades; Savvas Charalambides; Jarkko Kuusijärvi; Francesca Bosco

doi:10.1109/MCOM.2015.7081092

Virtualized Security at the Network Edge: A User-Centric Approach

Diego Montero
, Marcelo Yannuzzi
, Adrian Shaw
, Ludovic Jacquin
, Antonio Pastor
, René Serral-Gracià
, Antonio Lioy
, Fulvio Risso
, Cataldo Basile
, Roberto Sassu
, Mario Nemirovsky
, Francesco Ciaccia
, Michael Georgiades
, Savvas Charalambides
, Jarkko Kuusijärvi
, Francesca Bosco

Polytechnic University of Catalonia
Hewlett-Packard
Telefonica
Polytechnic University of Turin
ICREA
Barcelona Supercomputing Center
Primetel
VTT Technical Research Centre of Finland Ltd.
United Nations Interregional Crime and Justice Research Institute

Research output: Contribution to journal › Article › peer-review

45 Scopus citations

Abstract

The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

Original language	English
Article number	7081092
Pages (from-to)	176-186
Number of pages	11
Journal	IEEE Communications Magazine
Volume	53
Issue number	4
DOIs	https://doi.org/10.1109/MCOM.2015.7081092
State	Published - 1 Apr 2015
Externally published	Yes

Access to Document

10.1109/MCOM.2015.7081092

Cite this

Montero, D., Yannuzzi, M., Shaw, A., Jacquin, L., Pastor, A., Serral-Gracià, R., Lioy, A., Risso, F., Basile, C., Sassu, R., Nemirovsky, M., Ciaccia, F., Georgiades, M., Charalambides, S., Kuusijärvi, J., & Bosco, F. (2015). Virtualized Security at the Network Edge: A User-Centric Approach. IEEE Communications Magazine, 53(4), 176-186. Article 7081092. https://doi.org/10.1109/MCOM.2015.7081092

@article{426f4ee635904687bbd385b34f6bf54f,

title = "Virtualized Security at the Network Edge: A User-Centric Approach",

abstract = "The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.",

author = "Diego Montero and Marcelo Yannuzzi and Adrian Shaw and Ludovic Jacquin and Antonio Pastor and Ren{\'e} Serral-Graci{\`a} and Antonio Lioy and Fulvio Risso and Cataldo Basile and Roberto Sassu and Mario Nemirovsky and Francesco Ciaccia and Michael Georgiades and Savvas Charalambides and Jarkko Kuusij{\"a}rvi and Francesca Bosco",

note = "Publisher Copyright: {\textcopyright} 1979-2012 IEEE.",

year = "2015",

month = apr,

day = "1",

doi = "10.1109/MCOM.2015.7081092",

language = "Ingl{\'e}s",

volume = "53",

pages = "176--186",

journal = "IEEE Communications Magazine",

issn = "0163-6804",

number = "4",

}

Montero, D, Yannuzzi, M, Shaw, A, Jacquin, L, Pastor, A, Serral-Gracià, R, Lioy, A, Risso, F, Basile, C, Sassu, R, Nemirovsky, M, Ciaccia, F, Georgiades, M, Charalambides, S, Kuusijärvi, J & Bosco, F 2015, 'Virtualized Security at the Network Edge: A User-Centric Approach', IEEE Communications Magazine, vol. 53, no. 4, 7081092, pp. 176-186. https://doi.org/10.1109/MCOM.2015.7081092

TY - JOUR

T1 - Virtualized Security at the Network Edge

T2 - A User-Centric Approach

AU - Montero, Diego

AU - Yannuzzi, Marcelo

AU - Shaw, Adrian

AU - Jacquin, Ludovic

AU - Pastor, Antonio

AU - Serral-Gracià, René

AU - Lioy, Antonio

AU - Risso, Fulvio

AU - Basile, Cataldo

AU - Sassu, Roberto

AU - Nemirovsky, Mario

AU - Ciaccia, Francesco

AU - Georgiades, Michael

AU - Charalambides, Savvas

AU - Kuusijärvi, Jarkko

AU - Bosco, Francesca

PY - 2015/4/1

Y1 - 2015/4/1

N2 - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

AB - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.

UR - https://www.scopus.com/pages/publications/84927741456

U2 - 10.1109/MCOM.2015.7081092

DO - 10.1109/MCOM.2015.7081092

M3 - Artículo

AN - SCOPUS:84927741456

SN - 0163-6804

VL - 53

SP - 176

EP - 186

JO - IEEE Communications Magazine

JF - IEEE Communications Magazine

IS - 4

M1 - 7081092

ER -

Virtualized Security at the Network Edge: A User-Centric Approach

Abstract

Access to Document

Other files and links

Fingerprint

Cite this