Modeling and Mitigating Security Threats in Network Functions Virtualization (NFV)

被引:5
|
作者
Alhebaishi, Nawaf [1 ,2 ]
Wang, Lingyu [1 ]
Jajodia, Sushil [3 ]
机构
[1] Concordia Univ, Concordia Inst Informat Syst Engn, Montreal, PQ, Canada
[2] King Abdulaziz Univ, Fac Comp & Informat Technol, Jeddah, Saudi Arabia
[3] George Mason Univ, Ctr Secure Informat Syst, Fairfax, VA USA
来源
DATA AND APPLICATIONS SECURITY AND PRIVACY XXXIV, DBSEC 2020 | 2020年 / 12122卷
基金
美国国家科学基金会; 加拿大自然科学与工程研究理事会;
关键词
ZERO DAY SAFETY; INSIDER THREAT; CO-RESIDENCY; CLOUD; RISK;
D O I
10.1007/978-3-030-49669-2_1
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
By virtualizing proprietary hardware networking devices, Network Functions Virtualization (NFV) allows agile and cost-effective deployment of diverse network services for multiple tenants on top of the same physical infrastructure. As NFV relies on virtualization, and as an NFV stack typically involves several levels of abstraction and multiple co-resident tenants, this new technology also unavoidably leads to new security threats. In this paper, we take the first step toward modeling and mitigating security threats unique to NFV. Specifically, we model both cross-layer and co-residency attacks on the NFV stack. Additionally, we mitigate such threats through optimizing the virtual machine (VM) placement with respect to given constraints. The simulation results demonstrate the effectiveness of our solution.
引用
收藏
页码:3 / 23
页数:21
相关论文
共 50 条
  • [1] NFVGuard: Verifying the Security of Multilevel Network Functions Virtualization (NFV) Stack
    Oqaily, Alaa
    Sudershan, L. T.
    Jarraya, Yosr
    Majumdar, Suryadipta
    Zhang, Mengyuan
    Pourzandi, Makan
    Wang, Lingyu
    Debbabi, Mourad
    [J]. 2020 IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM 2020), 2020, : 33 - 40
  • [2] SecMANO: Towards Network Functions Virtualization (NFV) based Security MANagement and Orchestration
    Pattaranantakul, Montida
    He, Ruan
    Meddahi, Ahmed
    Zhang, Zonghua
    [J]. 2016 IEEE TRUSTCOM/BIGDATASE/ISPA, 2016, : 598 - 605
  • [3] Recent activities on network functions virtualization (NFV)
    1st Carrier Services Division, NEC Corporation, Tokyo, Japan
    [J]. J. Inst. Electron. Inf. Commun. Eng., 3 (225-231):
  • [4] SecRouting: Secure Routing for Network Functions Virtualization (NFV) Technology
    Xue, Peilei
    Jiang, Zhongyuan
    [J]. IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II-EXPRESS BRIEFS, 2022, 69 (03) : 1727 - 1731
  • [5] Security challenges with network functions virtualization
    Firoozjaei, Mahdi Daghmehchi
    Jeong, Jaehoon
    Jo, Hoon
    Kim, Hyoungshick
    [J]. FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2017, 67 : 315 - 324
  • [6] A Survey on Security in Network Functions Virtualization
    Yang, Wei
    Fung, Carol
    [J]. 2016 IEEE NETSOFT CONFERENCE AND WORKSHOPS (NETSOFT), 2016, : 15 - 19
  • [7] Mitigating Security Threats to Large-Scale Cross Border Virtualization Infrastructures
    Massonet, Philippe
    Naqvi, Syed
    Tusa, Francesco
    Villari, Massimo
    Latanicki, Joseph
    [J]. CLOUD COMPUTING, 2010, 34 : 73 - 82
  • [8] MLFM: Machine Learning Meets Formal Method for Faster Identification of Security Breaches in Network Functions Virtualization (NFV)
    Oqaily, Alaa
    Jarraya, Yosr
    Wang, Lingyu
    Pourzandi, Makan
    Majumdar, Suryadipta
    [J]. COMPUTER SECURITY - ESORICS 2022, PT III, 2022, 13556 : 466 - 489
  • [9] Mitigating IoT Security Threats with a Trusted Network Element
    Kuusijarvi, Jarkko
    Savola, Reijo
    Savolainen, Pekka
    Evesti, Antti
    [J]. 2016 11TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2016, : 260 - 265
  • [10] A Survey on Interfaces to Network Security Functions in Network Virtualization
    Jang, Hyunsu
    Jeong, Jaehoon
    Kim, Hyoungshick
    Park, Jung-Soo
    [J]. 2015 IEEE 29TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS WORKSHOPS WAINA 2015, 2015, : 160 - 163
12345