Attack-aware Security Function Chain Reordering
Lukas Iffländer, Nishant Rawtani, Lukas Beierlieb, Nicolas Fella, Klaus-Dieter Lange, Samuel Kounev

TL;DR
This paper emphasizes the importance of the sequence of security functions in service chains, proposing a reordering framework that improves security system performance against attacks.
Contribution
It introduces a novel framework for reordering security functions in service chains, considering attack-awareness and modeling aspects for optimal sequence determination.
Findings
Order of security functions significantly impacts system effectiveness.
The proposed framework can improve security performance by multiple orders of magnitude.
Validation shows the feasibility and potential benefits of reordering security functions.
Abstract
Attack-awareness recognizes self-awareness for security systems regarding the occurring attacks. More frequent and intense attacks on cloud and network infrastructures are pushing security systems to the limit. With the end of Moore's Law, merely scaling against these attacks is no longer economically justified. Previous works have already dealt with the adoption of Software-defined Networking and Network Function Virtualization in security systems and used both approaches to optimize performance by the intelligent placement of security functions. However, these works have not yet considered the sequence in which traffic passes through these functions. In this work, we make a case for the need to take this ordering into account by showing its impact. We then propose a reordering framework and analyze what aspects are necessary for modeling security service function chains and making…
Taxonomy
Topics: Software-Defined Networks and 5G · Network Security and Intrusion Detection · Software System Performance and Reliability
