Abstract
Network Function Virtualization (NFV) holds great promise, as it provides flexibility and scalability, reduces costs, and promotes innovation (by moving from hardware-based middleboxes to software-based virtual network functions). These benefits, however, expose network functions to security vulnerabilities. In this paper, we investigate two such attack vectors: algorithmic complexity Denial of Service (DoS) attacks and attacks due to co-residency, which include side-channel attacks and DoS attacks on a specific machine. We propose Moving Target Defense (MTD) mechanisms, which force an attacker to cope with frequent changes within the targeted network function in order to carry out a successful attack through the above-mentioned attack vectors. For algorithmic complexity DoS attacks, we show a mechanism that proactively and reactively switches between different implementations of the network function, thus eliminating the attacker's certainty about the targeted implementation. For co-residency attacks, we show a framework to efficiently migrate the virtual network function state without migrating the entire virtual machine, which is prohibitive in such a challenging setting. Our experiments show that both mechanisms can counteract these attack vectors and provide significantly better performance than state-of-the-art solutions.
Original language | English |
---|---|
Title of host publication | Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020 |
Subtitle of host publication | Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 9781728149738 |
State | Published - Apr 2020 |
Event | 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 - Budapest, Hungary; Duration: 20 Apr 2020 → 24 Apr 2020 |
Publication series
Name | Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020 |
---|---|
Conference
Conference | 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 |
---|---|
Country/Territory | Hungary |
City | Budapest |
Period | 20/04/20 → 24/04/20 |
Bibliographical note
Publisher Copyright: © 2020 IEEE.