2022 May 14;22(10):3750.
doi: 10.3390/s22103750.

Towards a Security Reference Architecture for NFV

Abdulrahman Khalid Alnaim et al. Sensors (Basel).

Abstract

Network function virtualization (NFV) is an emerging technology that is becoming increasingly important due to its many advantages. NFV transforms legacy hardware-based network infrastructure into software-based virtualized networks. This transformation increases the flexibility and scalability of networks, at the same time reducing the time for the creation of new networks. However, the attack surface of the network increases, which requires the definition of a clear map of where attacks may happen. ETSI standards precisely define many security aspects of this architecture, but these publications are very long and provide many details which are not of interest to software architects. We start by conducting threat analysis of some of the NFV use cases. The use cases serve as scenarios where the threats to the architecture can be enumerated. Representing threats as misuse cases that describe the modus operandi of attackers, we can find countermeasures to them in the form of security patterns, and we can build a security reference architecture (SRA). Until now, only imprecise models of NFV architectures existed; by making them more detailed and precise it is possible to handle not only security but also safety and reliability, although we do not explore those aspects. Because security is a global property that requires a holistic approach, we strongly believe that architectural models are fundamental to produce secure networks and allow us to build networks which are secure by design. The resulting SRA defines a roadmap to implement secure concrete architectures.

Keywords: ETSI; cloud computing; network function virtualization; patterns; reference architecture; security reference architecture; virtual machine environment; virtual network function.

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1. High-level NFV framework [3].
Figure 2. Pattern diagram for the NFV SRA.
Figure 3. Activity diagram for UC13 “Request Modify VNF” and UC20 “Consume a Network”.
Figure 4. Class diagram for privilege-escalation-based misuses in NFV [11].
Figure 5. Sequence diagram for MC1 unauthorized access to hardware resources based on privilege escalation of an attacker’s VM [11].
Figure 6. Class diagram for compromising VM via VM escape in NFV [12].
Figure 7. Sequence diagram for MC2: compromise a victim’s VM via VM escape [12].
Figure 8. Class diagram for DDoS attack in NFV [13].
Figure 9. Sequence diagram for MC3: distributed denial-of-service attack in NFV using DNS amplification attack.
Figure 10. A partial security reference architecture for NFV.
Figure 11. Sequence diagram for securely consume a network in NFV.

References

    1. Chiosi M., Clarke D., Willis P., Reid A., Feger J., Bugenhagen M., Khan W., Cui C., Deng H., Chen C. Network Functions Virtualisation (NFV): Network Operator Perspectives on Industry Progress; Proceedings of the SDN & OpenFlow World Congress; Düsseldorf, Germany. 14–17 October 2013.
    2. ETSI. Network Functions Virtualisation (NFV); Infrastructure Overview. ETSI; Sophia Antipolis, France: 2015.
    3. ETSI. Network Functions Virtualisation (NFV); Architectural Framework. ETSI; Sophia Antipolis, France: 2014.
    4. Milenkoski A., Jaeger B., Raina K., Harris M., Chaudhry S., Chasiri S., David V., Liu W. Security Position Paper: Network Function Virtualization. Cloud Security Alliance-Virtualization Working Group; 2016. [(accessed on 30 April 2022)]. Available online: https://cloudsecurityalliance.org/artifacts/security-position-paper-netw...
    5. Ahmad I., Kumar T., Liyanage M., Okwuibe J., Ylianttila M., Gurtov A. Overview of 5G Security Challenges and Solutions. IEEE Commun. Stand. Mag. 2018;2:36–43. doi: 10.1109/MCOMSTD.2018.1700063.
