Incorporating trust in NFV: Addressing the challenges

Ravidas, Sowmya; Lal, Shankar; Oliver, Ian; Hippelainen, Leo

doi:10.1109/icin.2017.7899394

Cited by 20 publications

(9 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As described in [12], determining the VNF package integrity is a critical challenge in the setup of a trusted NFV environment. BUNKER addresses this challenge successfully without having to rely on an external Trusted Security Orchestrator (TSecO).…”

Section: Discussionmentioning

confidence: 99%

“…For example, with the myriad of novel Virtual Network Functions (VNF) being developed, it remains an open problem on how to ensure that the VNF package being acquired by end-users is not malicious and it was not tampered with. Research has been conducted in the NFV computing environment with the introduction of Trusted Platform Modules (TPM) and remote attestation services [12]. Although these systems are able to verify the state of the NFV environment, they rely on a central database to verify the VNF's package integrity.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

BUNKER: A Blockchain-based trUsted VNF pacKagE Repository

Scheid

Keller

Franco

et al. 2019

Economics of Grids, Clouds, Systems, and Services

View full text Add to dashboard Cite

Current projects applying blockchain technology to enhance the trust of NFV environments do not consider the VNF repository. However, the blockchain's properties can enhance trust by allowing to verify a VNF package's integrity without relying (a) on a Trusted Third Party (TTP) for remote attestation or (b) a secure database. This paper presents BUNKER, a Blockchain-based trUsted VNF packagE Repository, intended to be integrated with traditional database-based package verification environments, acting as a trusted repository containing VNF package information. Moreover, BUNKER allows users to acquire VNFs without the need of a TTP using an Ethereum Smart Contract (SC). The SC automatically transfers license fees to the vendor once a VNF is acquired, and sends the VNF package's link to the buyer before verifying its integrity.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

BUNKER: A Blockchain-based trUsted VNF pacKagE Repository

Scheid

Keller

Franco

et al. 2019

Economics of Grids, Clouds, Systems, and Services

View full text Add to dashboard Cite

show abstract

“…Using the attestation server in this mode we can also see the lifetime of the integrity checking process in Figure 3. Here we see that once the machine is running successfully or is in a state where it can respond to the attestation server it can answer any request made [14]. The problem here however is that while this is known as "run-time" attestation, it is little more than occasional polling and re-measurement of already known and measured components.…”

Section: Multiple Machine Trustmentioning

confidence: 98%

Experiences in Trusted Cloud Computing

Oliver

Holtmanns

Lal

2018

JICTS

Self Cite

View full text Add to dashboard Cite

While trusted computing is a well-known technology, its role has been limited in scope and to single machines. The advent of cloud computing, its role as critical infrastructure and the requirement for trust between the users of computing resources combines to form a perfect environment for trusted and high-integrity computing. Indeed, the use of trusted computing is an enabling technology over nearly all 'cyber' areas: secure supply chain management, privacy and critical data protection, data sovereignty, cyber defence, legal etc. To achieve this generalization, we must fundamentally redefine what we mean by trusted and high-integrity computing. We are required to go beyond the boot-time trust and rethink notions of run-time trust, partial trust, how systems are constructed, the trust between management and operations, compute and storage infrastructure and the dynamic provisioning of services by external parties. While attestation technologies, so-called run-time trust and virtualized TPM are being brought to the fore, adopting these does not solve any of the fundamental problems of trust in the cloud.

show abstract

“…Similarly, the Software-Defined Network (SDN) used to steer the users' packets through their vNSFs is also attested to ensure the correct vNSFs chain is applied for each user. The application of attestation mechanisms to NFV is a topic which is gaining increasing interest by the community [6].…”

Section: The Shield Conceptmentioning

confidence: 99%

SHIELD: A novel NFV-based cybersecurity framework

Gardikis

Tzoulas

Tripolitis

et al. 2017

2017 IEEE Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

SHIELD is an EU-funded project, targeting at the design and development of a novel cybersecurity framework, which offers security-as-a-Service in an evolved telco environment. The SHIELD framework leverages NFV (Network Functions Virtualization) and SDN (Software-Defined Networking) for virtualization and dynamic placement of virtualised security appliances in the network (virtual Network Security Functions-vNSFs), Big Data analytics for real-time incident detection and mitigation, as well as attestation techniques for securing both the infrastructure and the services. This papers discusses key use cases and requirements for the SHIELD framework and presents a high-level architectural approach.

show abstract

Incorporating trust in NFV: Addressing the challenges

Cited by 20 publications

References 8 publications

BUNKER: A Blockchain-based trUsted VNF pacKagE Repository

BUNKER: A Blockchain-based trUsted VNF pacKagE Repository

Experiences in Trusted Cloud Computing

SHIELD: A novel NFV-based cybersecurity framework

Contact Info

Product

Resources

About