DOI: 10.1145/3040992.3040995
research-article

A First Step Towards Security Extension for NFV Orchestrator

Published: 24 March 2017

Abstract

Network Functions Virtualization (NFV) has recently emerged as one of the new networking paradigms that significantly change the way networks and services are deployed, managed, and operated. One of the major advantages of NFV is reduced hardware cost, together with increased service agility and scalability. Many platforms for NFV management and orchestration (MANO) have recently become available; however, few of them contain dedicated modules or components for security management. This paper studies the feasibility of extending the current NFV orchestrator with the capability to manage security mechanisms. To do that, we propose a security extension module based on the TOSCA data model, which is commonly used by the NFV MANO architecture. We then develop an access control use case to illustrate the usage of our proposed security extension. Specifically, we integrate the security extension into the Moon framework, which can automatically verify security attributes, generate access control policies, and further enforce the policies through the underlying infrastructure according to the high-level security policies. The preliminary results show that our security extension can work together with the NFV orchestrator to enable fine-grained access control to protect resources and services.

    Published In

    SDN-NFVSec '17: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization
    March 2017
    80 pages
    ISBN:9781450349086
    DOI:10.1145/3040992
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. data model
    2. network functions virtualization (NFV)
    3. security management
    4. service orchestration

    Qualifiers

    • Research-article

    Conference

    CODASPY '17
    Acceptance Rates

    SDN-NFVSec '17 Paper Acceptance Rate 4 of 10 submissions, 40%;
    Overall Acceptance Rate 11 of 30 submissions, 37%

    Article Metrics

    • Downloads (Last 12 months): 16
    • Downloads (Last 6 weeks): 1
    Reflects downloads up to 16 Nov 2024

    Cited By

    • (2024) Securing 5G virtual networks: a critical analysis of SDN, NFV, and network slicing security. International Journal of Information Security 23:6 (3569-3589). DOI: 10.1007/s10207-024-00900-5. Online publication date: 20-Aug-2024
    • (2022) Mapping the VNFs and VLs of a RAN Slice Onto Intelligent PoPs in Beyond 5G Mobile Networks. IEEE Open Journal of the Communications Society 3 (670-704). DOI: 10.1109/OJCOMS.2022.3165000. Online publication date: 2022
    • (2021) Survey on Multi-Access Edge Computing Security and Privacy. IEEE Communications Surveys & Tutorials 23:2 (1078-1124). DOI: 10.1109/COMST.2021.3062546. Online publication date: Oct-2022
    • (2021) An Overview of the Security Landscape of Virtual Mobile Networks. IEEE Access 9 (169014-169030). DOI: 10.1109/ACCESS.2021.3133319. Online publication date: 2021
    • (2021) A Priority-Based Domain Type Enforcement for Exception Management. Foundations and Practice of Security (65-81). DOI: 10.1007/978-3-030-70881-8_5. Online publication date: 27-Feb-2021
    • (2020) State of the Art and Research Challenges in the Security Technologies of Network Function Virtualization. IEEE Internet Computing 24:1 (25-35). DOI: 10.1109/MIC.2019.2956712. Online publication date: 1-Jan-2020
    • (2020) A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions. IEEE Communications Surveys & Tutorials 22:1 (196-248). DOI: 10.1109/COMST.2019.2933899. Online publication date: Sep-2021
    • (2020) Network Functions Virtualization Access Control as a Service. Data and Applications Security and Privacy XXXIV (100-117). DOI: 10.1007/978-3-030-49669-2_6. Online publication date: 18-Jun-2020
    • (2019) A Survey on Emerging SDN and NFV Security Mechanisms for IoT Systems. IEEE Communications Surveys & Tutorials 21:1 (812-837). DOI: 10.1109/COMST.2018.2862350. Online publication date: Sep-2020
    • (2018) Leveraging Network Functions Virtualization Orchestrators to Achieve Software-Defined Access Control in the Clouds. IEEE Transactions on Dependable and Secure Computing (1-1). DOI: 10.1109/TDSC.2018.2889709. Online publication date: 2018
