TY - JOUR
T1 - Virtualized Security at the Network Edge
T2 - A User-Centric Approach
AU - Montero, Diego
AU - Yannuzzi, Marcelo
AU - Shaw, Adrian
AU - Jacquin, Ludovic
AU - Pastor, Antonio
AU - Serral-Gracià, René
AU - Lioy, Antonio
AU - Risso, Fulvio
AU - Basile, Cataldo
AU - Sassu, Roberto
AU - Nemirovsky, Mario
AU - Ciaccia, Francesco
AU - Georgiades, Michael
AU - Charalambides, Savvas
AU - Kuusijärvi, Jarkko
AU - Bosco, Francesca
N1 - Publisher Copyright:
© 1979-2012 IEEE.
PY - 2015/4/1
Y1 - 2015/4/1
N2 - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.
AB - The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.
UR - https://www.scopus.com/pages/publications/84927741456
U2 - 10.1109/MCOM.2015.7081092
DO - 10.1109/MCOM.2015.7081092
M3 - Artículo
AN - SCOPUS:84927741456
SN - 0163-6804
VL - 53
SP - 176
EP - 186
JO - IEEE Communications Magazine
JF - IEEE Communications Magazine
IS - 4
M1 - 7081092
ER -