NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures

摘要

Network functions virtualization (NFV), along with software-defined networking (SDN), drives a new change in networking infrastructure with respect to designing, deploying, and managing various network services. In particular, NFV has potential to significantly reduce the hardware cost, greatly improve operational efficiency, and dramatically shorten the development lifecycle of network service. It also makes network functions and services much more adaptive and scalable. Despite the promising advantages of NFV, security remains to be one of the vital concerns and potential hurdle, as attack surface becomes unclear and defense line turns to be blurred in the virtualization environment. This survey is therefore devoted to analyzing NFV from a security perspective. We first analyze security threats of five well-defined NFV use cases, with an objective to establishing a comprehensive layer-specific threat taxonomy. Second, we conduct in-depth comparative studies on several security mechanisms that are applied in traditional scenarios and in NFV environments. The purpose is to analyze their implicit relationships with NFV performance objectives in terms of feasibility, agility, effectiveness, and so on. Third, based on the established threat taxonomy and the analyzed security mechanisms, we provide a set of recommendations on securing NFV based services, along with the analysis on the state-of-the-art security countermeasures. A resulting holistic security framework is intended to lay a foundation for NFV service providers to deploy adaptive, scalable, and cost-effective security hardening based on their particular needs. Some future research directions are finally discussed.