Optimal Access Control Deployment in Network Function Virtualization

Network function virtualization (NFV) yields numerous advantages, specifically the ability to provide a cost-efficient alternative to hardware-based functionalities on software platforms to break the vendor lock-in problem. However, these advantages come at the cost of several security issues. These threats can be leveraged by controlling the information that flows between the different components that compose NFV services. We propose an approach allowing an optimal deployment of access control policies on NFV services. The proposed approach allows to find the best possible trade-offs between the impact in terms of latency resulting from the deployment of the access control policy and the used resources. In contrast to existing approaches, our solution prevents an insider adversary who compromises one or more unknown VNF(s) to go around the access control policy. We experimentally evaluate the return solutions according to the size of the NFV service, the size of the policy to be deployed and the number of physical servers that host the VNF service.