Integrity Management in Softwarized Networks / Bravi, Enrico; Lioy, Antonio; Berbecaru, Diana Gratiela. - PRINT. - (2024). (Paper presented at the IEEE/IFIP Network Operations and Management Symposium, held in Seoul (South Korea), June 6-10, 2024) [10.1109/NOMS59830.2024.10574994].

Integrity Management in Softwarized Networks

Enrico Bravi; Antonio Lioy; Diana Gratiela Berbecaru
2024

Abstract

Nowadays, there is a growing inclination towards network softwarization, wherein functions once handled by specialized hardware are now executed as software components on general-purpose nodes. This can be achieved with Network Function Virtualization (NFV) and Software-Defined Networking (SDN), offering advantages such as flexibility and reduced equipment costs. However, these paradigms, reliant on software and operating as a distributed system, introduce security challenges, including threats to software integrity through network or physical manipulation. To address these concerns, Remote Attestation techniques can be employed to enable a party to assess the software and configuration integrity of a network node. In complex network environments, different attestation frameworks may be deployed, depending on the type of hardware and software to be attested. To streamline this process, we present an extended design and implementation of our Trust Monitor architecture, implementing the Trust Manager defined by ETSI for NFV environments. This enhances flexibility by supporting the integration of multiple attestation frameworks based on different technologies. We also present how the Trust Monitor integrates into the IETF RATS architecture and how it interacts with its other elements. Through experimental tests, we demonstrate that the proposed implementation is scalable and effective in attesting both physical and virtual entities, such as Kubernetes pods.
979-8-3503-2793-9
Files in this item:
Integrity_Management_in_Softwarized_Networks.pdf

not available

Type: 2a Post-print publisher's version / Version of Record
License: Not public - Private/restricted access
Size: 1.4 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2985674