Paper Title
ENABLING SOFTWARE-DEFINED ACCESS CONTROL IN CLOUD ENVIRONMENTS THROUGH NETWORK FUNCTIONS VIRTUALIZATION ORCHESTRATION

Abstract
Network Functions Virtualization (NFV), which involves the consolidation and software-based implementation of hardware-based network services, reduces both CAPEX and OPEX, two types of costs that have gained widespread recognition as being amenable to reduction. TOSCA, for instance, is one of the standard models that helps NFV orchestrators (like Tacker, Cloudify, and ONAP) dynamically and optimally manage and orchestrate various forms of virtualized network resources (like VMs and Virtual Network Functions). However, it is unclear how security measures are handled to ensure the continuity of security for virtualized network assets over their lifetimes. We conduct a thorough evaluation of current NFV orchestrators and enhance the TOSCA model with additional security functions that may be used to develop and implement policies for controlling access to cloud resources. Our security orchestrator combines the software-defined, tenant-specific access control paradigm with a TOSCA parser. The security orchestrator's major function is to facilitate the dynamic development of access control models and policies across various tenant domains that may span many NFV layers and data centres. To prove the practicality of our concept, we build a prototype of our security orchestrator and put it through its paces in a carrier-grade data centre, gathering data on its throughput, scalability, and adaptability along the way. Our trials show that it is possible to achieve all of the required functionalities while the security orchestrator maintains a reasonable throughput, regardless of the number of tenants, users, or objects deployed in the cloud.

Keywords - Network Functions Virtualization (NFV), Data Model, Service Orchestration, Security Management, Access Control