Network Functions Virtualisation (NFV) is a novel paradigm for softwarisation of network functions that allows an operator to leverage large scale virtualisation to enhance availability and flexibility of typical network and security services offered to end users. Virtual Network Functions are proposed as an alternative to traditional hardware appliances, with the aim of reducing maintenance and upgrade costs and enhance the provisioning and on-demand placement of network functions. Although promising, this paradigm introduces relevant challenges in the field of security, as the attack surface of a virtualised architecture is larger than a traditional hardware-based network platform. In fact, not only it is affected by both generic threats of virtualisation and networking domains, it also introduces new threats due to the combination of these domains. In this work, we propose the design of a centralized monitoring and reporting solution to assess the trustworthiness of a NFV infrastructure, named Trust Monitor. Moreover, we present an open-source prototype for the proposed solution, which is tailored for the Security-as-a-Service use case and integrated with a reference NFV framework.

A proposal for trust monitoring in a Network Functions Virtualisation Infrastructure / De Benedictis, M.; Lioy, A.. - STAMPA. - (2019), pp. 1-9. (Intervento presentato al convegno IEEE Conference on Network Softwarization (NetSoft-2019) tenutosi a Paris (France) nel 24/6/2019) [10.1109/NETSOFT.2019.8806655].

A proposal for trust monitoring in a Network Functions Virtualisation Infrastructure

M. De Benedictis;A. Lioy
2019

Abstract

Network Functions Virtualisation (NFV) is a novel paradigm for softwarisation of network functions that allows an operator to leverage large scale virtualisation to enhance availability and flexibility of typical network and security services offered to end users. Virtual Network Functions are proposed as an alternative to traditional hardware appliances, with the aim of reducing maintenance and upgrade costs and enhance the provisioning and on-demand placement of network functions. Although promising, this paradigm introduces relevant challenges in the field of security, as the attack surface of a virtualised architecture is larger than a traditional hardware-based network platform. In fact, not only it is affected by both generic threats of virtualisation and networking domains, it also introduces new threats due to the combination of these domains. In this work, we propose the design of a centralized monitoring and reporting solution to assess the trustworthiness of a NFV infrastructure, named Trust Monitor. Moreover, we present an open-source prototype for the proposed solution, which is tailored for the Security-as-a-Service use case and integrated with a reference NFV framework.
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2736887
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo