A dynamic model building process for virtual network security assessment

Network virtualization - in which network topologies and protocols are tailor-made for individual service providers across multiple infrastructure providers - is a concept that holds great promise for the future internet. However, security in the Virtual Network (VNet) context is difficult to assess and understand because service providers have no visibility into the infrastructure over which their networks operate which could be a significant concern from an adoption perspective. In a previous work, we introduced a VNet Security Assessment Process to address this challenge by building a security preference model based on the input of a group of security experts. However, a flexibility-limiting factor of the process is the requirement for security experts to meet each time a model change is required. In this paper, we introduce DS-MACBETH which combines Dempster-Shafer theory (DST) with the multi-criteria decision making process MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique). We combine DST with MACBETH in order to allow security experts to contribute to model building in an asynchronous, distributed fashion. We integrate DS-MACBETH into our previous VNet security assessment process to achieve a dynamic security model building process whose sources of knowledge can be expanded beyond human sources of security knowledge (e.g. sensors, expert systems, etc).