Moving Target Defense for Virtual Network Functions

Reuven Peretz, Shlomo Shenzis, David Hay

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Network Function Virtualization (NFV) holds great promise as it provides flexibility and scalability, reduces costs, and promotes innovation (by moving from hardware-based middleboxes to software-based virtual network functions). These benefits, however, expose network functions to security vulnerabilities. In this paper, we investigate two such attack vectors: algorithmic complexity Denial of Service (DoS) attacks and attacks due to co-residency, which include side-channel attacks and DoS attacks on a specific machine. We propose Moving Target Defense (MTD) mechanisms, which force an attacker to cope with frequent changes ongoing within the targeted network function in order to carry out a successful attack through the above-mentioned attack vectors. For algorithmic complexity DoS attacks, we show a mechanism that proactively and reactively switches between different implementations of the network function, thus eliminating the attacker's certainty regarding the targeted implementation. For co-residency attacks, we show a framework to efficiently migrate the virtual network function state without migrating the entire virtual machine, which is prohibitive in such a challenging setting. Our experiments show that both mechanisms can counteract these attack vectors and provide significantly better performance than state-of-the-art solutions.

Original language: English
Title of host publication: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020
Subtitle of host publication: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728149738
State: Published - Apr 2020
Event: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 - Budapest, Hungary
Duration: 20 Apr 2020 → 24 Apr 2020

Publication series

Name: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020

Conference

Conference: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Country/Territory: Hungary
City: Budapest
Period: 20/04/20 → 24/04/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.
