Litcius/Paper detail

Automation for Network Security Configuration: State of the Art and Research Trends

Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza

2023ACM Computing Surveys54 citationsDOIOpen Access PDF

Abstract

The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, Virtual Private Networks gateways, and so on. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, along with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated.

Topics & Concepts

Computer scienceVirtualizationAutomationComputer securityNetwork securityExploitNetwork architectureComputer security modelResilience (materials science)Context (archaeology)Security serviceCloud computingOperating systemInformation securityBiologyEngineeringThermodynamicsPaleontologyMechanical engineeringPhysicsSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting