NFVGuard: Verifying the Security of Multilevel Network Functions Virtualization (NFV) Stack

2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) Pub Date : 2020-12-01 DOI:10.1109/CloudCom49646.2020.00003

Alaa Oqaily, Sudershan L T, Yosr Jarraya, Suryadipta Majumdar, Mengyuan Zhang, M. Pourzandi, Lingyu Wang, M. Debbabi

{"title":"NFVGuard: Verifying the Security of Multilevel Network Functions Virtualization (NFV) Stack","authors":"Alaa Oqaily, Sudershan L T, Yosr Jarraya, Suryadipta Majumdar, Mengyuan Zhang, M. Pourzandi, Lingyu Wang, M. Debbabi","doi":"10.1109/CloudCom49646.2020.00003","DOIUrl":null,"url":null,"abstract":"Network Functions Virtualization (NFV) enables agile and cost-effective deployment of multi-tenant network services on top of a cloud infrastructure. However, the multi-tenant and multilevel nature of NFV may lead to novel security challenges, such as stealthy attacks exploiting potential inconsistencies between different levels of the NFV stacks. Consequently, the security compliance of a multilevel NFV stack cannot be sufficiently established using existing solutions, which typically focus on one level. Moreover, the naive approach of separately verifying every level could be expensive or even infeasible. In this paper, we propose, NFVGuard, the first multilevel approach to the formal security verification of NFV stacks. Our key idea is to conduct the security verification at only one level, and then assure that verification result for other levels by verifying the consistency between adjacent levels. We integrate NFVGuard with OpenStack/Tacker, a popular platform for the NFV deployment, and experimentally evaluate its effectiveness.","PeriodicalId":401135,"journal":{"name":"2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)","volume":"2000 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudCom49646.2020.00003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Network Functions Virtualization (NFV) enables agile and cost-effective deployment of multi-tenant network services on top of a cloud infrastructure. However, the multi-tenant and multilevel nature of NFV may lead to novel security challenges, such as stealthy attacks exploiting potential inconsistencies between different levels of the NFV stacks. Consequently, the security compliance of a multilevel NFV stack cannot be sufficiently established using existing solutions, which typically focus on one level. Moreover, the naive approach of separately verifying every level could be expensive or even infeasible. In this paper, we propose, NFVGuard, the first multilevel approach to the formal security verification of NFV stacks. Our key idea is to conduct the security verification at only one level, and then assure that verification result for other levels by verifying the consistency between adjacent levels. We integrate NFVGuard with OpenStack/Tacker, a popular platform for the NFV deployment, and experimentally evaluate its effectiveness.

查看原文本刊更多论文

NFVGuard: NFV (multi - level Network Functions Virtualization)栈安全性验证

网络功能虚拟化(NFV)支持在云基础设施之上灵活且经济高效地部署多租户网络服务。然而，NFV的多租户和多层次特性可能会导致新的安全挑战，例如利用不同级别NFV堆栈之间潜在的不一致性的隐蔽攻击。因此，使用现有的解决方案无法充分建立多层NFV堆栈的安全遵从性，这些解决方案通常只关注一个级别。此外，单独验证每个级别的天真方法可能是昂贵的，甚至是不可行的。在本文中，我们提出了NFVGuard，这是对NFV堆栈进行正式安全验证的第一个多层方法。我们的关键思想是只在一个级别进行安全验证，然后通过验证相邻级别之间的一致性来确保其他级别的验证结果。我们将NFVGuard与OpenStack/Tacker(一种流行的NFV部署平台)集成在一起，并对其有效性进行实验评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)

自引率

0.00%

发文量