Assuring virtual network function image integrity and host sealing in telco cloud

S. Lal, S. Ravidas, I. Oliver, T. Taleb

Research output: Contribution to conferencePaperAcademic

Abstract

In Telco cloud environment, virtual network func-
tions (VNFs) can be shipped in the form of virtual machine
images and hosted over commodity hardware. It is likely that
these VNF images will contain highly sensitive data and mission
critical network operations. For this reason, these VNF images
are prone to malicious tampering during shipping and even
after uploaded to the cloud image database. Furthermore, due to
various applications, there is a requirement from mobile network
operators to seal VNFs on specific platforms which satisfy
certain hardware and software configurations. This requires
cloud service providers to introduce some mechanisms to verify
VNF image integrity and host sealing before the instantiation of
VNFs. In this paper, we present a proof of concept demonstrated
with the help of an experimental setup to solve the above-
mentioned problems. We also evaluate the performance of the
envisioned setup and present some insights on its usability.
LanguageEnglish
Pages1-6
StatePublished - May 2017

Fingerprint

Hardware
Freight transportation
Virtual reality
Seals
Wireless networks
Virtual machine

Cite this

@conference{658680bb89e7497abbcc2da0b653c152,
title = "Assuring virtual network function image integrity and host sealing in telco cloud",
abstract = "In Telco cloud environment, virtual network func-tions (VNFs) can be shipped in the form of virtual machineimages and hosted over commodity hardware. It is likely thatthese VNF images will contain highly sensitive data and missioncritical network operations. For this reason, these VNF imagesare prone to malicious tampering during shipping and evenafter uploaded to the cloud image database. Furthermore, due tovarious applications, there is a requirement from mobile networkoperators to seal VNFs on specific platforms which satisfycertain hardware and software configurations. This requirescloud service providers to introduce some mechanisms to verifyVNF image integrity and host sealing before the instantiation ofVNFs. In this paper, we present a proof of concept demonstratedwith the help of an experimental setup to solve the above-mentioned problems. We also evaluate the performance of theenvisioned setup and present some insights on its usability.",
author = "S. Lal and S. Ravidas and I. Oliver and T. Taleb",
year = "2017",
month = "5",
language = "English",
pages = "1--6",

}

Assuring virtual network function image integrity and host sealing in telco cloud. / Lal, S.; Ravidas, S.; Oliver, I.; Taleb, T.

2017. 1-6.

Research output: Contribution to conferencePaperAcademic

TY - CONF

T1 - Assuring virtual network function image integrity and host sealing in telco cloud

AU - Lal,S.

AU - Ravidas,S.

AU - Oliver,I.

AU - Taleb,T.

PY - 2017/5

Y1 - 2017/5

N2 - In Telco cloud environment, virtual network func-tions (VNFs) can be shipped in the form of virtual machineimages and hosted over commodity hardware. It is likely thatthese VNF images will contain highly sensitive data and missioncritical network operations. For this reason, these VNF imagesare prone to malicious tampering during shipping and evenafter uploaded to the cloud image database. Furthermore, due tovarious applications, there is a requirement from mobile networkoperators to seal VNFs on specific platforms which satisfycertain hardware and software configurations. This requirescloud service providers to introduce some mechanisms to verifyVNF image integrity and host sealing before the instantiation ofVNFs. In this paper, we present a proof of concept demonstratedwith the help of an experimental setup to solve the above-mentioned problems. We also evaluate the performance of theenvisioned setup and present some insights on its usability.

AB - In Telco cloud environment, virtual network func-tions (VNFs) can be shipped in the form of virtual machineimages and hosted over commodity hardware. It is likely thatthese VNF images will contain highly sensitive data and missioncritical network operations. For this reason, these VNF imagesare prone to malicious tampering during shipping and evenafter uploaded to the cloud image database. Furthermore, due tovarious applications, there is a requirement from mobile networkoperators to seal VNFs on specific platforms which satisfycertain hardware and software configurations. This requirescloud service providers to introduce some mechanisms to verifyVNF image integrity and host sealing before the instantiation ofVNFs. In this paper, we present a proof of concept demonstratedwith the help of an experimental setup to solve the above-mentioned problems. We also evaluate the performance of theenvisioned setup and present some insights on its usability.

M3 - Paper

SP - 1

EP - 6

ER -