Integrity Management in Softwarized Networks / Bravi, Enrico; Lioy, Antonio; Berbecaru, Diana Gratiela. - PRINT. - (In press). (Paper presented at the IEEE/IFIP Network Operations and Management Symposium, held in Seoul (South Korea), June 6-10, 2024).

Integrity Management in Softwarized Networks

Enrico Bravi; Antonio Lioy; Diana Gratiela Berbecaru
In press

Abstract

Nowadays, there is a growing inclination towards network softwarization, wherein functions once handled by specialized hardware are now executed as software components on general-purpose nodes. This can be achieved with Network Function Virtualization (NFV) and Software-Defined Networking (SDN), offering advantages such as flexibility and reduced equipment costs. However, these paradigms, reliant on software and operating as a distributed system, introduce security challenges, including threats to software integrity through network or physical manipulation. To address these concerns, Remote Attestation techniques can be employed to enable a party to assess the software and configuration integrity of a network node. In complex network environments, different attestation frameworks may be deployed, depending on the type of hardware and software to be attested. To streamline this process, we present an extended design and implementation of our Trust Monitor architecture, implementing the Trust Manager defined by ETSI for NFV environments. This enhances flexibility by supporting the integration of multiple attestation frameworks based on different technologies. We also present how the Trust Monitor integrates into the IETF RATS architecture and how it interacts with its other elements. Through experimental tests, we demonstrate that the proposed implementation is scalable and effective in attesting both physical and virtual entities, such as Kubernetes pods.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2985674