Authors: Marco De Benedictis; Antonio Lioy; Paolo Smiraglia
Addresses: Politecnico di Torino, Dip. Automatica e Informatica, Corso Duca degli Abruzzi 24, 10129, Torino, Italy; Politecnico di Torino, Dip. Automatica e Informatica, Corso Duca degli Abruzzi 24, 10129, Torino, Italy; Via Barletta 92, 10136 Torino, Italy
Abstract: Cloud computing has deeply affected the structure of modern ICT infrastructures. It is an enabling technology for novel paradigms such as Network Function Virtualisation (NFV), which proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the cost of infrastructure management. Besides its potential benefits, NFV inherits the limitations of traditional virtualisation, where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, such as containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environments. A major concern regarding the adoption of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work, we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.
Keywords: security; lightweight virtualisation; container; network function virtualisation; NFV; mandatory access control; SELinux; Docker.
International Journal of Grid and Utility Computing, 2020 Vol.11 No.2, pp.243 - 252
Received: 09 Nov 2018
Accepted: 06 Mar 2019
Published online: 03 Feb 2020