Attack-aware Security Function Chain Reordering
This work addresses performance bottlenecks in security systems for cloud and network infrastructures, but it is incremental as it builds on prior optimization methods by adding ordering considerations.
The paper tackles the problem of optimizing security function chains in cloud and network infrastructures by considering the order in which traffic passes through security functions, showing that reordering can lead to performance improvements of multiple orders of magnitude.
Attack-awareness means that a security system is aware of the attacks currently occurring against it. More frequent and intense attacks on cloud and network infrastructures are pushing security systems to the limit. With the end of Moore's Law, merely scaling against these attacks is no longer economically justified. Previous works have already dealt with the adoption of Software-defined Networking and Network Function Virtualization in security systems and used both approaches to optimize performance by the intelligent placement of security functions. However, these works have not yet considered the sequence in which traffic passes through these functions. In this work, we make a case for the need to take this ordering into account by showing its impact. We then propose a reordering framework and analyze which aspects are necessary for modeling security service function chains and for making decisions regarding the order based on those models. We show the impact of the order and validate our framework in an evaluation environment. The effect can extend to multiple orders of magnitude, and the framework's evaluation proves the feasibility of our concept.
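To illustrate why the order matters and why the best order depends on the attack currently hitting the chain, the following added example (not the paper's framework or code) models a chain as a sequence of functions with a per-packet cost, where each packet pays for every function it reaches until the first one drops it. All function names, costs and traffic mixes are constructed assumptions; with them, the worst ordering costs roughly 2.8x the best, and the best ordering changes when the attack mix shifts from a SYN flood to an SQL-injection wave.

```python
from itertools import permutations

# Constructed example values (assumptions, not from the paper): per-packet
# processing cost of each security function, in microseconds.
COST_US = {"rate_limiter": 5.0, "waf": 20.0, "ids": 50.0, "av_scanner": 200.0}

# Constructed traffic mixes: class -> (share of packets, functions that drop it).
# Benign traffic is dropped by nothing and traverses the whole chain.
SYN_FLOOD_MIX = {
    "benign":    (0.30, set()),
    "syn_flood": (0.50, {"rate_limiter", "ids"}),
    "sqli":      (0.15, {"waf", "ids"}),
    "malware":   (0.05, {"av_scanner", "ids"}),
}
SQLI_MIX = {
    "benign":    (0.30, set()),
    "syn_flood": (0.05, {"rate_limiter", "ids"}),
    "sqli":      (0.60, {"waf", "ids"}),
    "malware":   (0.05, {"av_scanner", "ids"}),
}

def chain_cost(order, mix, cost=COST_US):
    """Expected per-packet cost of a chain: every packet pays for each function
    it reaches, up to and including the first one that drops it."""
    total = 0.0
    for share, dropped_by in mix.values():
        spent = 0.0
        for fn in order:
            spent += cost[fn]
            if fn in dropped_by:
                break
        total += share * spent
    return total

def best_order(mix, cost=COST_US):
    """Exhaustive search; fine for the handful of functions a chain usually has."""
    return min(permutations(cost), key=lambda o: chain_cost(o, mix, cost))

def worst_order(mix, cost=COST_US):
    return max(permutations(cost), key=lambda o: chain_cost(o, mix, cost))

def reorder_gain(mix, cost=COST_US):
    """Cost ratio between the worst and the best ordering for this attack mix."""
    best = chain_cost(best_order(mix, cost), mix, cost)
    worst = chain_cost(worst_order(mix, cost), mix, cost)
    return worst / best

if __name__ == "__main__":
    for name, mix in (("SYN flood", SYN_FLOOD_MIX), ("SQLi wave", SQLI_MIX)):
        print(f"{name}: best order {best_order(mix)}, gain x{reorder_gain(mix):.2f}")
```

Under the SYN-flood mix the cheap rate limiter belongs first, whereas under the SQLi-heavy mix the WAF moves ahead of it; an attack-aware framework is what makes that switch at runtime.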