This paper discusses the open issues in incorporating trust techniques in the NFV environment specified by the ETSI NFV Industry Specification Group, and it analyses available technologies to fill this gap. ETSI is developing security and trust specifications within its NFV-SEC working group, with the aim of establishing and assessing trust of both the hardware platform and the virtualised infrastructure hosting the Virtual Network Functions. Cloud computing, envisioned by ETSI as enabling technology for the deployment of the NFV infrastructure, represents a challenging environment for the establishment of trust. Open issues in this area include applicability of hardware-based trust assessment to a virtualised infrastructure, and integrity and privacy of virtual instances hosted on a multi-tenant platform. This paper discusses the challenges in applying one specific technology, Trusted Computing, to a NFV cloud-based architecture and proposes a concrete solution (based on the Intel OpenCIT framework) to address each issues. Moreover, a mapping between the ETSI NFV security and trust guidance and the OpenCIT capabilities is proposed. Finally, applicability of the solution to the NFV Management and Network Orchestration stack is discussed, with particular attention to the reference implementation promoted by the ETSI-hosted initiative Open Source MANO.

On the establishment of trust in the cloud-based ETSI NFV framework / De Benedictis, Marco; Lioy, Antonio. - STAMPA. - (2017), pp. 280-285. ((Intervento presentato al convegno SN-2017: IEEE International Workshop on Security in NFV-SDN tenutosi a Berlin (Germany) nel November 6-8, 2017 [10.1109/NFV-SDN.2017.8169864].

On the establishment of trust in the cloud-based ETSI NFV framework

DE BENEDICTIS, MARCO;LIOY, ANTONIO
2017

Abstract

This paper discusses the open issues in incorporating trust techniques in the NFV environment specified by the ETSI NFV Industry Specification Group, and it analyses available technologies to fill this gap. ETSI is developing security and trust specifications within its NFV-SEC working group, with the aim of establishing and assessing trust of both the hardware platform and the virtualised infrastructure hosting the Virtual Network Functions. Cloud computing, envisioned by ETSI as enabling technology for the deployment of the NFV infrastructure, represents a challenging environment for the establishment of trust. Open issues in this area include applicability of hardware-based trust assessment to a virtualised infrastructure, and integrity and privacy of virtual instances hosted on a multi-tenant platform. This paper discusses the challenges in applying one specific technology, Trusted Computing, to a NFV cloud-based architecture and proposes a concrete solution (based on the Intel OpenCIT framework) to address each issues. Moreover, a mapping between the ETSI NFV security and trust guidance and the OpenCIT capabilities is proposed. Finally, applicability of the solution to the NFV Management and Network Orchestration stack is discussed, with particular attention to the reference implementation promoted by the ETSI-hosted initiative Open Source MANO.
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11583/2679668
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo