Network Security Automation

Network virtualization introduced higher flexibility and dynamicity, but at the same time it led to new threats and challenges. The traditional approach of a manual configuration of Network Security Functions (NSFs) such as firewalls and VPN gateways is not feasible anymore, since it is not adequate for the ever-changing nature of modern networks and it is prone to human errors. To overcome this problem, the native flexibility provided by virtualization could be exploited to automate network security management. However, achieving a high level of automation while providing formal assurance that security management operations (e.g., configuration and orchestration) fulfill some security properties is still an open research challenge. Therefore, this speech presents a novel approach combining automation, formal verification and optimization for network security management. Specifically, this approach pursues “correctness by construction”, avoiding a traditional a-posteriori formal verification, and fulfills optimality criteria to improve the efficiency of the security operations.

Speaker: Daniele Bringhenti - Politecnico di Torino