论文信息 - A First Step Towards Security Extension for NFV Orchestrator

A First Step Towards Security Extension for NFV Orchestrator

Network Functions Virtualization (NFV) has recently emerged as one of the new networking paradigms to significantly change the way that the networks and services are deployed, managed, and operated. One of the major advantages of NFV is to reduce hardware cost, meanwhile increasing service agility and scalability. Recently, there are many platforms for NFV management and orchestration (MANO) are available, however few of them contains dedicated modules or components for security management. This paper is intended to study the feasibility of extending the current NFV orchestrator to have the capability of managing security mechanisms. To do that, we propose a security extension module based on TOSCA data model which is commonly used by NFV MANO architecture. We then develop an access control use case to illustrate the usage of our proposed security extension. Specifically, we integrate the security extension into the Moon framework, which can automatically verify security attributes, generate access control policies, and further enforce the policies through the underlying infrastructure according to the high-level security policies. The preliminary results show that our security extension can work together with the NFV orchestrator to enable fine-grained access control to protect resources and services.

Ahmed Meddahi | Zonghua Zhang | Ruan He | Montida Pattaranantakul | Yuchia Tseng

[1] Bernd Jäger,et al. Security Orchestrator: Introducing a Security Orchestrator in the Context of the ETSI NFV Reference Architecture , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[2] Raj Jain,et al. Network virtualization and software defined networking for cloud computing: a survey , 2013, IEEE Communications Magazine.

[3] Ahmed Meddahi,et al. SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[4] Jorge Carapinha,et al. Network Virtualization - Opportunities and Challenges for Operators , 2010, FIS.

[5] Filip De Turck,et al. Network Function Virtualization: State-of-the-Art and Research Challenges , 2015, IEEE Communications Surveys & Tutorials.

[6] Abdallah Shami,et al. NFV: state of the art, challenges, and implementation in next generation mobile networks (vEPC) , 2014, IEEE Network.

[7] Seungjoon Lee,et al. Network function virtualization: Challenges and opportunities for innovations , 2015, IEEE Communications Magazine.

[8] Zvika Bronstein,et al. NFV virtualisation of the home environment , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).