Virtualized Security at the Network Edge: A User-centric Approach

D. Montero∗, M. Yannuzzi∗, A. Shaw†, L. Jacquin†, A. Pastor‡, R. Serral-Gracià∗, A. Lioy§, F. Risso§, C. Basile§, R. Sassu§, M. Nemirovsky‡‡, F. Ciaccia¶, M. Georgiades‖, S. Charalambides‖, J. Kuusijärvi∗∗, F. Bosco††

∗ Technical University of Catalonia (UPC), Spain
† Hewlett-Packard Laboratories, United Kingdom
‡ Telefónica I+D, Spain
§ Politecnico di Torino, Dip. Automatica e Informatica, Italy
¶ Barcelona Supercomputing Center (BSC), Spain
‡‡ ICREA Researcher Professor at BSC, Spain
‖ PrimeTel PLC, Cyprus
∗∗ VTT Technical Research Centre of Finland Ltd, Finland
†† United Nations Interregional Crime and Justice Research Institute, Italy

Abstract—The current device-centric protection model against security threats has serious limitations. On the one hand, the proliferation of user terminals such as smart-phones, tablets, notebooks, smart TVs, game consoles and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when several users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this paper advocates a paradigm shift in user protection. In our model, the protection is decoupled from the users' terminals and is provided by the access network through a Trusted Virtual Domain (TVD). Each TVD provides unified and homogeneous security for a single user, irrespective of the terminal employed. We describe a user-centric model in which non-technically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, and in particular Network Functions Virtualization (NFV) in the Points of Presence (POPs) at the edge of Telecom operators. We also analyze the distinctive features of our model, and the challenges faced, based on the experience gained in the development of a proof-of-concept.

Index Terms—Security, virtualization, offloading, NFV.

I. INTRODUCTION

The protection of users' terminals against Internet threats is largely dominated by a device-centric model. This basically consists of installing a set of security applications on each terminal, such as anti-virus software, a personal firewall, etc. An average user nowadays has multiple terminals, including a smart-phone, a smart TV, and a notebook, and in many cases also a tablet, a desktop computer and even a games console. These devices usually have different architectures (e.g., Intel or ARM) as well as different capabilities and operating systems (e.g., Android, Windows, or Linux), so the appropriate protection tools may not be available for all platforms. As a result, the most common practice is to install different security applications on the various terminals—or simply rely on the default protection means provided by the operating systems.

Let us assume for a moment that users would like to have the same security policy and exactly the same protection level enforced on all of their devices. In the context of this paper, we will call this the "uniform security aim". To achieve this goal, the user typically needs to understand the configuration details of each device, which usually involves the setup of different security applications on different platforms. For non-technically savvy people, this turns out to be an impossible hurdle to overcome. As a result, most Internet users suffer from wide variations in their protection levels, and this problem is exacerbated as the number of devices per user grows.

In this paper, we propose a paradigm shift from device-centric protection to a user-centric model. The latter specifically addresses the two main drawbacks of the former, that is: i) the need for dissimilar installations of security applications on different devices due to their different platforms; and ii) the problem of non-uniform protection due to the difficulty of the configurations needed. To cope with the first problem, we propose a model in which the protection and security policies are unified and remain homogeneous for each user, independently of the terminal used. This is achieved by means of a user-specific Trusted Virtual Domain (TVD), which is dynamically instantiated at a secure place in the network edge. As we shall show, the TVD can be instantiated either on the user's side (e.g., on a home gateway) or on the provider's side (e.g., on a next-generation broadband access server handling the users' connections). To cope with the second problem identified above, we propose a user-defined security model that aims at ease of use by design. We discuss the importance of exposing the selection of high-level protection policies to the average user, and the necessity of enforcing the required configurations transparently to the latter. This simple strategy detaches the definition of the protection policies from their corresponding configurations, thus allowing tailored protection even for non-technically savvy users. It is worth highlighting that the virtualized security model described in this paper can be applied both to