Page 285 - Kaleidoscope Academic Conference Proceedings 2024
P. 285
NETWORK VIRTUALIZATION SECURITY: THREATS, MEASURES, AND USE CASES
1
1
2
1
Qin, Qiu ; Sijia, Xu ; Shenglan, Liu ; Tianni Xu ; Bei Zhao 2
1 China Mobile Communications Group Co., Ltd, China.
2 China Mobile Group Design Institute Co., Ltd, China.
ABSTRACT The application of new technologies such as SDN and NFV
has driven the continuous development of network
With the rapid development of technologies such as 5G, technology, bringing revolutionary changes to network
cloud computing, and big data, network virtualization virtualization. ISO/IEC 27033-7 considers the
technology has been widely applied, effectively improving characteristics of network virtualization technology, and
the utilization of resources such as computing, storage, and summarizes the changes in network virtualization include:
network, as well as the flexibility of IT systems or networks,
reducing system maintenance costs. However, at the same • Introduced a centralized controller. The NFV
time, the complexity of network virtualization environment orchestrator is responsible for infrastructure and
makes security threats more covert and diverse, and resource allocation, scheduling, and lifecycle
traditional security protection methods are difficult to cope management, while the SDN controller is responsible
with, which also brings many security risks. This article for network topology and virtual data link
analyzes the current development status and related work management.
of network virtualization, sorts out the security threats of
network virtualization, summarizes the characteristics and
architecture of network virtualization technology, and • Virtual network elements’ behavior is guided by a
further introduces the security measures and typical use controller, which are different from physical
cases of network virtualization, which can be used to guide components . Software, services, and functions
and promote network virtualization security. running on virtualization infrastructure can be
deployed as needed, demonstrating extremely high
Keywords – network virtualization, security threats, flexibility and response speed.
security measures
• The data link has been changed. In addition to
1. INTRODUCTION physical data links, new technologies such as SDN
and SFC can also provide efficient virtualized data
1.1 Trend of development links according to application requirements, which
will improve the efficiency of internal data
Traditional communication networks adopt relatively transmission in the system.
centralized network architectures, streamlined network
construction and operation models, which are difficult to Table 1- Abbreviations Table
support the development of network scale. SDN/NFV
technology is driving the transformation of communication Abbrevia Full name
networks, moving them towards virtualized networks, tions
achieving agile development and iteration, dynamic 5G 5th generation mobile network
resource allocation, and elastic scalability of ACL Access control list
communication networks. API Application programming interface
AV Anti virus
While network virtualization technology brings a series of DoS Denial of service
conveniences, the new features and changes it introduces
also bring security risks. It is necessary to analyze its DDoS Distributed denial of service
characteristics and propose relevant response strategies to ETSI European Telecommunications Standards
promote the security and sustainable development of the Institute
telecommunication and Internet industries. IDS Intrusion detection system
IEC International Electrotechnical Commission
1.2 Characteristics of Network Virtualization IPS Intrusion prevention system
978-92-61-39091-4/CFP2268P @ITU 2024 – 241 – Kaleidoscope