Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV). This approach proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.

Towards a secure and lightweight Network Function Virtualisation environment / De Benedictis, M.; Lioy, A.; Smiraglia, P.. - In: INTERNATIONAL JOURNAL OF GRID AND UTILITY COMPUTING. - ISSN 1741-847X. - STAMPA. - 11:2(2020), pp. 243-252. [10.1504/IJGUC.2020.105539]

Towards a secure and lightweight Network Function Virtualisation environment

M. De Benedictis;A. Lioy;P. Smiraglia
2020

Abstract

Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV). This approach proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.
File in questo prodotto:
File Dimensione Formato  
IJGUC_2020_02_DeBenedictis_Lioy_Smiraglia.pdf

non disponibili

Descrizione: Article (editorial version)
Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 408.44 kB
Formato Adobe PDF
408.44 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2736886