The need to distribute network functions in a “tactical” cloud is not unique to military networks. It also applies to cloud environments in general, especially in the context of network function virtualization and to support resource allocation elasticity. Implementing network services in a distributed manner is even more important and relevant in tactical networks, given their heterogeneous nature and dynamicity. It has been shown that “one-to-many” mappings of stateful network functions from the logical layer to the physical layer would suffer from unexpected behaviours due to race conditions that naturally occur at the decentralised physical network layer.
We aim to:
- Develop agile, robust, and scalable decentralised security policy adaptation mechanisms that are generic and application-semantics-agnostic.
- Develop a framework for taking specifications of security and network function services, like firewalls and NAT, and generating decentralised implementations within tactical cloud environments.
- Develop analytic methods and empirical experiments for evaluating the behaviour of network functions (e.g. firewall behaviour) in the distributed environment and the impact that the distributed implementation has on the network performance (e.g. packets lost).
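
One way the race condition mentioned above can arise, and how the "packets lost" measure from the last aim exposes it, shown as an added illustration that is not part of the original project material. The replication delay between firewall instances, the asymmetric routing of replies, the instance indices and the event list are all assumptions constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Instance:
    """One physical replica of a logical stateful firewall (hypothetical model)."""
    flows: dict = field(default_factory=dict)  # flow -> time its state is visible here

    def learn(self, flow, visible_at):
        # Keep the earliest time at which this replica knows the flow.
        self.flows[flow] = min(visible_at, self.flows.get(flow, visible_at))

    def allows_inbound(self, flow, now):
        # Stateful rule: inbound is accepted only for an already-known flow.
        return flow in self.flows and self.flows[flow] <= now

def simulate(events, sync_delay, n_instances=2):
    """events: (time_ms, direction, flow, instance_index) tuples.
    Returns (logical_drops, distributed_drops) counted over inbound packets."""
    logical = Instance()                       # the single logical firewall
    replicas = [Instance() for _ in range(n_instances)]
    logical_drops = distributed_drops = 0
    for now, direction, flow, idx in sorted(events):
        if direction == "out":
            logical.learn(flow, now)
            for i, replica in enumerate(replicas):
                # The replica that saw the packet learns at once; others after sync_delay.
                replica.learn(flow, now if i == idx else now + sync_delay)
        else:
            logical_drops += not logical.allows_inbound(flow, now)
            distributed_drops += not replicas[idx].allows_inbound(flow, now)
    return logical_drops, distributed_drops

# Constructed sample traffic (documentation addresses, times in milliseconds).
F1 = ("10.0.0.5", 40000, "192.0.2.10", 443)    # flow opened from the inside
F2 = ("10.0.0.9", 50000, "198.51.100.7", 22)   # never opened: unsolicited inbound
EVENTS = [
    (0, "out", F1, 0),   # outbound packet leaves through instance 0
    (5, "in", F1, 1),    # reply returns through instance 1 (asymmetric path)
    (7, "in", F2, 0),    # unsolicited packet, dropped by policy in both models
    (30, "in", F1, 1),   # later reply, state has replicated by now
]

if __name__ == "__main__":
    for delay in (2, 20):
        logical, distributed = simulate(EVENTS, delay)
        print(f"sync_delay={delay}ms logical_drops={logical} distributed_drops={distributed}")
```

Any excess of distributed drops over logical drops is behaviour the logical specification never asked for. In this model it appears only when a reply reaches a replica before the flow state has replicated to it.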