Page 286 - Kaleidoscope Academic Conference Proceedings 2024

2024 ITU Kaleidoscope Academic Conference




ISO       International Organization for Standardization
IT        Information technology
ITU       International Telecommunication Union
MANO      Management and orchestration
NFV       Network function virtualization
NSaaS     Network Security as a Service
NVS       Network virtualization services
OMC       Operation maintenance centre
PoP       Point of presence
PKI       Public key infrastructure
SDN       Software-defined networking
SD-WAN    Software-defined wide-area network
SFC       Service function chain
VM        Virtual machine
VMM       Virtual machine manager
VNF       Virtual network function
VNFM      Virtual network function manager
vCPU      Virtual CPU
vI/O      Virtual I/O
vMemory   Virtual memory
vRouter   Virtual router
vSwitch   Virtual switch

2.  RELATED WORK

In recent years, network virtualization technology and its security issues have received much attention. ETSI has released a series of standards on network virtualization [1-5]. In addition, ITU has closely explored related topics such as software-defined network frameworks [6]. Scholars have also conducted numerous studies on the security issues of network virtualization. In [7], a comprehensive investigation and sorting of the current situation of network virtualization security was conducted. In [8], a detailed analysis was conducted on network function virtualization in multi-tenant cloud environments. [9] focuses on the optimization of NFV chain deployment in software-defined cellular cores. [10] summarizes the challenges and opportunities faced by network virtualization and provides effective guidance for the security development of network virtualization.

The above related work analyzes the security risks of NFV, the security requirements of the host system and the security requirements of SDN. It can be used as a reference for virtual network security, but it does not involve the virtual network security framework and systematic security technical requirements.

This article systematically analyzes and proposes measures to solve the security threats of virtual network infrastructure, virtual network function, and control and management in virtual networks, and introduces some network virtualization security use cases. It aims to provide a reference for stakeholders to protect network virtualization security.

3.  NETWORK VIRTUALIZATION SECURITY THREATS

With the rapid development and widespread application of network virtualization technology, its security issues are increasingly receiving attention. Network virtualization brings advantages in resource flexibility and business agility. At the same time, it also brings a series of security threats, including virus attacks, malware implantation, information leakage, etc. [11-12], as shown in Figure 1.

Figure 1 - Network virtualization security threats

•   Virus attacks and malware implantation. In network virtualization, the host operating system and client operating system of virtual network functions, SDN controller software, MANO operating system, etc. might be attacked by viruses and malware.

•   Information leakage. After a VM is deleted, if special "purification" processing is not performed on the data, other business systems or malicious operation and maintenance personnel may obtain the original business key information, thereby triggering sensitive data leakage.

•   Unauthorized usage and access. Unauthorized attackers may use and access data from MANO's VM or API, as well as leverage defects such as incomplete isolation of VM resources and difficulties in monitoring traffic between VMs, which may lead to unauthorized access to VMs.

•   DoS and DDoS attacks. Attackers might use many switches to forward a large number of packets to the SDN controller, causing the SDN controller to be subjected to (D)DoS attacks.

•   Insider attacks. Malicious administrators might tamper with images or change security configurations intentionally, or make security misconfigurations (such as opening unnecessary ports on VNF) and launch attacks.

•   Forgery of transaction contents. The transaction content of VM can be tampered with by attackers, who can also forge network elements or other systems in




