A first step towards security extension for NFV orchestrators

Abstract : Network Functions Virtualization (NFV) has recently emerged as one of the new networking paradigms to significantly change the way that the networks and services are deployed, managed, and operated. One of the major advantages of NFV is to reduce hardware cost, meanwhile increasing service agility and scalability. Recently, there are many platforms for NFV management and orchestration (MANO) are available, however few of them contains dedicated modules or components for security management. This paper is intended to study the feasibility of extending the current NFV orchestrator to have the capability of managing security mechanisms. To do that, we propose a security extension module based on TOSCA data model which is commonly used by NFV MANO architecture. We then develop an access control use case to illustrate the usage of our proposed security extension. Specifically, we integrate the security extension into the Moon framework, which can automatically verify security attributes, generate access control policies, and further enforce the policies through the underlying infrastructure according to the high-level security policies. The preliminary results show that our security extension can work together with the NFV orchestrator to enable fine-grained access control to protect resources and services
Type de document :
Communication dans un congrès
SDN-NFVSec 2017 : International Workshop on Security in Software Defined Networks & Network Function Virtualization , Mar 2017, Scottsdale, United States. ACM, Proceedings SDN-NFVSec 2017 : International Workshop on Security in Software Defined Networks & Network Function Virtualization pp.25 - 30, 2017, 〈10.1145/3040992.3040995〉
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01738743
Contributeur : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School <>
Soumis le : mardi 20 mars 2018 - 17:23:12
Dernière modification le : jeudi 24 janvier 2019 - 01:16:13

Identifiants

Citation

Montida Pattaranantakul, Yuchia Tseng, Ruan He, Zonghua Zhang, Ahmed Meddahi. A first step towards security extension for NFV orchestrators. SDN-NFVSec 2017 : International Workshop on Security in Software Defined Networks & Network Function Virtualization , Mar 2017, Scottsdale, United States. ACM, Proceedings SDN-NFVSec 2017 : International Workshop on Security in Software Defined Networks & Network Function Virtualization pp.25 - 30, 2017, 〈10.1145/3040992.3040995〉. 〈hal-01738743〉

Partager

Métriques

Consultations de la notice

86