CAREER: Towards Elastic Security with Safe and Efficient Network Security Function Virtualization

职业：通过安全高效的网络安全功能虚拟化迈向弹性安全

• 批准号: 1846291
• 负责人: Hongxin Hu
• 金额: $ 50万
• 依托单位: Clemson University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2021-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1846291&HistoricalAwards=false
• 关键词: CAREER; Towards; Elastic; Security; Safe; CAREER; Towards; Elastic; Security; Safe

Traditional network security functions are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. These traditional network security appliances often need to be placed at fixed network entry points and have a constant capacity with respect to the maximum amount of traffic they can process. Such rigid nature makes them inefficient in protecting today's prevailing programmable and virtualizable environments. Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are two emerging networking paradigms that offer the potential to address those limitations and are able to facilitate elastic security with the design of a new breed of network security functions called virtual Network Security Functions (vNSFs). The major goal of this project is to extend the understanding and science of virtual Network Security Functions. It will develop new technology for virtual Network Security Functions where security microservices can be deployed elastically, safely and efficiently, on demand, tailored to the needs of the situation. It addresses major challenges inherent in the management, design, deployment, and execution of virtual Network Security Functions that currently prevent the full use of their benefits. This project will also integrate a comprehensive education plan with the proposed research to train the next generation workforce in computational sciences. The project will foster the diversity of students by active recruitment of women and other under-represented groups for participation in the research.This project will first propose a new firewall architecture to address challenges in virtual firewall scaling. This project will then explore solutions to facilitate safe and efficient virtualization of both traditional and Artificial Neural Network (ANN)-based Intrusion Detection Systems. Finally, this project will develop a general framework, OpenNSFV, for supporting safe and efficient virtualization of network security functions. The proposed solutions of this project will be flexible, scalable, trustworthy, and optimal, and will substantially enhance the security of programmable and virtualizable network infrastructure. To demonstrate the practicality and feasibility of the proposed solutions, the project will implement, deploy, and evaluate the proposed security mechanisms in real production environments.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

通常在供应商专有设备或中间箱（通常缺乏一般编程接口）上实现传统的网络安全功能，其多功能性和灵活性也很差。这些传统的网络安全设备通常需要放置在固定网络入口点上，并且对于可以处理的最大流量量具有恒定的容量。这种僵化的性质使它们在保护当今盛行的可编程和虚拟化环境方面效率低下。网络功能虚拟化（NFV）和软件定义的网络（SDN）是两个新兴的网络范式，可通过设计新的网络安全函数（称为虚拟网络安全函数（VNSF））来促进这些限制的潜力，并能够促进弹性安全性。该项目的主要目标是扩展虚拟网络安全功能的理解和科学。 它将为虚拟网络安全函数开发新技术，在这些技术中，可以根据情况量身定制安全微服务，安全，安全，安全地按需部署。它解决了虚拟网络安全功能的管理，设计，部署和执行中固有的主要挑战，这些功能目前阻止了其福利的全部使用。该项目还将将一项综合教育计划与拟议的研究融合，以培训计算科学领域的下一代劳动力。该项目将通过积极招募妇女和其他代表性不足的群体来促进学生的多样性。该项目将首先提出一种新的防火墙架构，以应对虚拟防火墙缩放的挑战。然后，该项目将探索解决方案，以促进基于传统神经网络（ANN）的入侵检测系统的安全有效虚拟化。最后，该项目将开发一个通用框架OpenNSFV，以支持网络安全功能的安全有效虚拟化。该项目的拟议解决方案将是灵活的，可扩展的，可信赖的和最佳的，并将大大提高可编程和虚拟化网络基础结构的安全性。为了证明所提出的解决方案的实用性和可行性，该项目将在实际生产环境中实施，部署和评估所提出的安全机制。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的审查标准通过评估来评估的。