Archivio Istituzionale della RicercaCloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV). This approach proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.
Towards a secure and lightweight Network Function Virtualisation environment / De Benedictis, M.; Lioy, A.; Smiraglia, P.. - In: INTERNATIONAL JOURNAL OF GRID AND UTILITY COMPUTING. - ISSN 1741-847X. - STAMPA. - 11:2(2020), pp. 243-252. [10.1504/IJGUC.2020.105539]
Towards a secure and lightweight Network Function Virtualisation environment
M. De Benedictis;A. Lioy;P. Smiraglia
2020
Abstract
Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV). This approach proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.
| File | Dimensione | Formato | |
|---|---|---|---|
|
IJGUC_2020_02_DeBenedictis_Lioy_Smiraglia.pdf
non disponibili
Descrizione: Article (editorial version)
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
408.44 kB
Formato
Adobe PDF
|
408.44 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2736886