Publication Date:
2020
Abstract:
The emerging trend in network softwarization has led to a programmable networking architecture that improves the traditional control of network systems from hardware-based configurations to a fully-softwarized approach. The benefits from this transition are numerous; however, the impact on network security aspects may turn out to be negative, unless proper changes are introduced in the way security applications are designed and deployed. In particular, the multi-tenant environment, the dynamic nature of current Network Services, and the ongoing integration of software-intensive embedded systems and global communication networks into Cyber-Physical Systems have introduced further security considerations that need to be addressed. We examine the main motivations to go beyond the traditional "security perimeter" vision and the current trends in cybersecurity leveraging network programmability. Then, we examine a service-centric architectural framework that adopts centralized management to ensure end-to-end security, by gathering security context information from "light" local agents deployed on the service functions and by utilizing state-of-the-art technologies for external threat protection. We conclude the chapter with the discussion of a cyber-range approach to test the security of virtualized networking environments.
Iris type:
02.01 Contribution in volume (Chapter or Essay)
Keywords:
Cybersecurity; Digital services; Cloud Computing
List of contributors:
Repetto, Matteo
Book title:
Network Programmability: a (r)evolutionary approach