Multilevel Security Framework for NFV Based on Software Defined Perimeter

Abstract

The rapid increase in global IP traaffic and the adoption of mobile devices have challenged network service providers to scale and improve infrastructure to meet this new demand. To improve return on investment for scaling networking infrastructure and capitalize on advancements in virtualization technologies, Network Function Virtualization (NFV) has been proposed. NFV does present some newfound security challenges, however, by combining elements of networking and virtualization technology. These challenges include protecting against attacks like remote hypervisor attacks, Denial of Service (DoS) attacks, Virtual Machine (VM) Hopping, and port scanning. Software- Defined Perimeter (SDP) is proposed as a framework to provide logical perimeters around these services, restricting network access and connections to the SDP-enabled Virtual Network Functions (VNFs) to trusted clients only. Several security benefits present themselves as a result of a combined NFV-SDP architecture. The deployment and access control are customize-able, catering to a wide array of user needs. The aforementioned proposed architecture was tested within a virtual environment. The test results show that the combined architecture is indeed resistant to DoS attacks. Additionally, the results lead to a discussion regarding future research and implementation potentials for this architecture.