Future communication networks such as 5G are expected to support end-to-end delivery of services for several vertical markets with diverging requirements. Network slicing is a key construct used to provide mutually isolated, end-to-end logical virtual networks running on a common virtualized infrastructure. Having different network slices operating over the same 5G infrastructure creates several challenges in security and trust. This paper addresses the fundamental issue of trust of a network slice. It presents a trust model and property-based trust attestation mechanisms, which can be used to evaluate the trust of the virtual network functions that compose the network slice. The proposed model helps to determine the trust of the virtual network functions, as well as the properties that should be satisfied, both at boot and at run time, by the virtual platforms on which these network functions are deployed for them to be trusted. We present a logic-based language that defines simple rules for the specification of properties and the conditions under which these properties need to be satisfied for trusted virtualized platforms. The proposed trust model and mechanisms enable service providers to determine the trustworthiness of the network services and enable users to develop trustworthy applications. We have developed a trust management architecture that enables service providers to determine the trustworthiness of the network slices providing the network services. We have implemented a prototype of the trust management architecture using the Open Source MANO Platform and present the performance results. The results show that our trust mechanisms cause only a slight reduction in the performance of network slices over virtualized infrastructure. We also discuss how the proposed architecture can be used to detect and mitigate the impact of malicious virtual network functions in a dynamic manner.