5 research outputs found

    System architecture and deployment scenarios for SESAME: small cEllS coordinAtion for Multi-tenancy and Edge services

    The surge of the Internet traffic with exabytes of data flowing over operators’ mobile networks has created the need to rethink the paradigms behind the design of the mobile network architecture. The inadequacy of the 4G UMTS Long term Evolution (LTE) and even of its advanced version LTE-A is evident, considering that the traffic will be extremely heterogeneous in the near future and ranging from 4K resolution TV to machine-type communications. To keep up with these changes, academia, industries and EU institutions have now engaged in the quest for new 5G technology. In this paper we present the innovative system design, concepts and visions developed by the 5G PPP H2020 project SESAME (Small cEllS coordinAtion for Multi-tenancy and Edge services). The innovation of SESAME is manifold: i) combine the key 5G small cells with cloud technology, ii) promote and develop the concept of Small Cells-as-a-Service (SCaaS), iii) bring computing and storage power at the mobile network edge through the development of non-x86 ARM technology enabled micro-servers, and iv) address a large number of scenarios and use cases applying mobile edge computing

    NFV-based network protection: the SHIELD approach

    This paper describes a demo that showcases some of the capabilities foreseen for the security infrastructure designed by the H2020 SHIELD project. SHIELD exploits NFV for adaptive monitoring of an IT infrastructure and for feeding the data to an analytics engine to detect attacks in real time. An intelligent reaction system is then activated to reconfigure the SDN/NFV infrastructure so that the attacks are thwarted. The SDN/NFV infrastructure itself is protected from attacks thanks to trusted computing techniques, that permit to quickly identify misbehaving nodes. The proposed demo will present detection and reaction to a DDoS attack (by on-the-fly deployment of new virtual network security functions and/or change of network paths), as well as detection of software attacks against virtual network functions (executed in Docker containers) and unauthorized modification of the SDN switching tables and NFV configurations

    SDN-based service function chaining mechanism and service prototype implementation in NFV scenario

    The fast growing development of Network Function Virtualization (NFV) trends and the remarkable progress of Software Defined Networking (SDN) have yielded a synergy between both, towards the provision of convergent networking solutions. Since the traditional networking principles were not designed according to the NFV principles, a work has emerged dedicated to protocol redesign among the academic fellows and the industry representatives. A typical example that has been introduced in such eco-system is the concept of network service chaining, as a composition of virtual network functions stitched together in a logically ordered fashion, to create an integral networking service that can be owned by network administrators, programmers, cloud- and telco-operators. This appoints SDN as an essential technology enabler in administering advanced traffic steering techniques, thanks to the SDN controller's capability to dynamically manage VNFs virtual connections and underlying dataplane flows. Despite the rapid progression, the strategies for traffic steering in NFV environment, are still facing imminent challenges to be addressed. This paper joins NFV and SDN technology into a novel traffic steering solution based on open source reference implementations (such as SDK for SDN, virtual Traffic Classifier, virtual Media Transcoder, and WAN Infrastructure Connection Manager) designed with performance and network optimizations in mind. We have successfully deployed and tested the system prototype in a real datacenter. The evaluation results of the prototype system: (1) validated the presented chain use cases, (2) affirmed an efficient performance and scalability of the chaining method, and (3) certified good quality of video traffic transmission and transcoding

    PALANTIR: an NFV-based security-as-a-service approach for automating threat mitigation

    Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve SMEs/MEs from this burden. However, good practices for the operation of SME/ME assets involve avoiding their exposure to external parties, which requires a tightly defined and timely enforced security policy when resources span across the cloud continuum and need interactions. This paper proposes an innovative architecture extending Network Function Virtualisation to externalise and automate threat mitigation and remediation in cloud, edge, and on-premises environments. Our contributions include an ontology for the decision-making process, a Fault-and-Breach-Management-based remediation policy model, a framework conducting remediation actions, and a set of deployment models adapted to the constraints of cloud, edge, and on-premises environment(s). Finally, we also detail an implementation prototype of the framework serving as evaluation material. The work described in this article has received funding by the European Union Horizon 2020 research and innovation programme, supported under Grant Agreement no. 883335—PALANTIR (Practical Autonomous Cyberhealth for resilient SMEs and Microenterprises)