Title: Towards a secure and lightweight network function virtualisation environment

Authors: Marco De Benedictis; Antonio Lioy; Paolo Smiraglia

Addresses: Politecnico di Torino, Dip. Automatica e Informatica, Corso Duca degli Abruzzi 24, 10129, Torino, Italy; Politecnico di Torino, Dip. Automatica e Informatica, Corso Duca degli Abruzzi 24, 10129, Torino, Italy; Via Barletta 92, 10136 Torino, Italy

Abstract: Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV), which proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides its potential benefits, NFV inherits the limitations of traditional virtualisation, where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environments. A major concern regarding the use of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work, we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.

Keywords: security; lightweight virtualisation; container; network function virtualisation; NFV; mandatory access control; SELinux; Docker.

DOI: 10.1504/IJGUC.2020.105539

International Journal of Grid and Utility Computing, 2020 Vol.11 No.2, pp.243 - 252

Received: 09 Nov 2018
Accepted: 06 Mar 2019

Published online: 03 Mar 2020
