What are the security topics that need to be researched in NFV?
In view of the fact that more & more Telcos are embarking on NFV, i.e. using available IT hardware & software to horizontalize various VNF apps, holistic end-to-end NFV security can be a good research topic, as personally I find that each vendor is only responsible for the component security they are providing, e.g. (see below & diagram attached):
NFVI compute & storage server security e.g. HPE Silicon Root of Trust - see https://www.zdnet.com/article/hpe-adds-silicon-root-of-trust-to-its-proliant-servers/
VIM security - cloud OS & virtualization hypervisor, VM sandboxing, VM & Container security exposure protection etc.
MANO security - authentication, role-based access / who can access what, integration exposure etc.
Since the above components are likely provided by different vendors, holistic security assessment & protection should be put in place. Some might ask why not verticalize the entire PNF stack from top to bottom, but this is not security protection and rather can be an intention to provide vendor lock-in or lock-down.
The security topics that need to be researched in NFV are
TRAFFIC HIDDEN FROM MONITORING
In virtual-compute environments, a significant portion of the network traffic never hits a physical link. Cisco estimates that about 73% of data-center traffic will come from within the data center by 2019—most of this traffic is virtual machine to virtual machine (VM to VM) communication, which is buried deep inside physical hosts. Known as “east–west traffic,” it is essentially invisible to traditional monitoring architectures and creates a big blind spot for network operations.
Topic: NEW SECURITY RISKS AND A SECURITY INFORMATION EXPLOSION
NFV creates several new security challenges. According to a technical paper from Alcatel-Lucent, there are four major NFV-specific security issues operators must be aware of:
The introduction of new software components that did not exist in the traditional network model: the hypervisor and various management/orchestration elements, which create a “longer chain of trust.”
By shifting the way of implementing hardware middleboxes (e.g., firewalls, WAN optimizers and load balancers) to software-based virtual network function (VNF) instances, network function virtualization (NFV) emerges as a promising paradigm that embraces great flexibility, agility and efficiency.