Page 285 - Kaleidoscope Academic Conference Proceedings 2024
P. 285

NETWORK VIRTUALIZATION SECURITY: THREATS, MEASURES, AND USE CASES




                                                                           1
                                                    1
                                                                 2
                                           1
                                    Qin, Qiu ; Sijia, Xu ; Shenglan, Liu ; Tianni Xu ; Bei Zhao 2
                                      1 China Mobile Communications Group Co., Ltd, China.
                                       2 China Mobile Group Design Institute Co., Ltd, China.



                              ABSTRACT                        The application of new technologies such as SDN and NFV
                                                              has driven the continuous development of network
           With the rapid development of technologies such as 5G,  technology, bringing revolutionary changes to network
           cloud computing, and big data, network virtualization  virtualization.  ISO/IEC  27033-7  considers  the
           technology has been widely applied, effectively improving  characteristics of network virtualization technology, and
           the utilization of resources such as computing, storage, and  summarizes the changes in network virtualization include:
           network, as well as the flexibility of IT systems or networks,
           reducing system maintenance costs. However, at the same  •  Introduced  a  centralized  controller.  The  NFV
           time, the complexity of network virtualization environment  orchestrator is responsible for infrastructure and
           makes security threats more covert and diverse, and    resource  allocation,  scheduling,  and  lifecycle
           traditional security protection methods are difficult to cope  management, while the SDN controller is responsible
           with, which also brings many security risks. This article  for  network  topology  and  virtual  data  link
           analyzes the current development status and related work  management.
           of network virtualization, sorts out the security threats of
           network virtualization, summarizes the characteristics and
           architecture of network virtualization technology, and  •  Virtual network elements’ behavior is guided by a
           further introduces the security measures and typical use  controller,  which  are  different  from  physical
           cases of network virtualization, which can be used to guide  components . Software, services, and functions
           and promote network virtualization security.           running on virtualization infrastructure can be
                                                                  deployed as needed, demonstrating extremely high
              Keywords – network virtualization, security threats,  flexibility and response speed.
                            security measures
                                                              •   The data link has been changed. In addition to
                         1.  INTRODUCTION                         physical data links, new technologies such as SDN
                                                                  and SFC can also provide efficient virtualized data
           1.1   Trend of development                             links according to application requirements, which
                                                                  will  improve  the  efficiency  of  internal  data
           Traditional communication networks adopt relatively    transmission in the system.
           centralized network architectures, streamlined network
           construction and operation models, which are difficult to      Table 1- Abbreviations Table
           support the development of network scale. SDN/NFV
           technology is driving the transformation of communication  Abbrevia         Full name
           networks, moving them towards virtualized networks,   tions
           achieving agile development and iteration, dynamic  5G        5th generation mobile network
           resource  allocation,  and  elastic  scalability  of  ACL     Access control list
           communication networks.                             API       Application programming interface
                                                               AV        Anti virus
           While network virtualization technology brings a series of  DoS  Denial of service
           conveniences, the new features and changes it introduces
           also bring security risks. It is necessary to analyze its  DDoS  Distributed denial of service
           characteristics and propose relevant response strategies to  ETSI  European Telecommunications Standards
           promote the security and sustainable development of the       Institute
           telecommunication and Internet industries.          IDS       Intrusion detection system
                                                               IEC       International Electrotechnical Commission
           1.2   Characteristics of Network Virtualization     IPS       Intrusion prevention system





             978-92-61-39091-4/CFP2268P @ITU 2024         – 241 –                                   Kaleidoscope
   280   281   282   283   284   285   286   287   288   289   290