Project

5GhOSTS - Integrity assurance for multi-component services in 5G networks

Multi-component Virtual Network Functions (VNFs) depend on a Trusted Computing Base (TCB) offered by the underlying infrastructure in order to ensure the secure operation of the VNF. The use of VMs to implement multi-component VNFs on multi-tenant infrastructures that include a TCB is well researched; this is not the case for containers and lightweight VMs. The ETSI NFV Security group has defined VNF modeling and VNF initiation and update procedures (NFV SOL 004) for hypervisor-based virtualization technology as the implementation basis, but not yet for the more lightweight container technology. Container security is considered not straightforward, and a more thorough understanding of its security requirements and guarantees is needed. Recent advances such as lightweight VMs are innovative but require further investigation. Technologies such as Trusted Platform Modules (TPMs), vTPMs and hardware enclaves (Intel SGX, AMD SEV) are potential candidates for integrity assurance of VNF distribution, initiation and update. However, applying these to multi-component VNFs is not straightforward, in particular in a multi-tenant environment.

The scientific objectives of this project are as follows:

- Assess the state of the art and develop a trust model of multi-component VNFs in a multi-tenant 5G telecom systems environment
- Assess existing technologies, e.g. ETSI NFV (NFV SEC 007), with respect to VNF descriptions and formats and VNF distribution forms, and also assess the component descriptions and distribution forms of different virtualization technologies (e.g. container images, lightweight VM images)
- Design a framework for VNF development, distribution, initiation and update, taking into account the state of the art in TCB technologies
- Instantiate framework variants from a selected set of virtualization techniques (e.g. containers, lightweight VMs) and a selected set of trusted computing technologies (e.g. TPM, vTPM, Intel SGX, AMD SEV)
- Develop a formal system model for specifying the framework components at a high abstraction level and verify security properties that can be enforced by means of (i) admission control and (ii) system security methods

Date: 3 Nov 2020 → Today
Keywords: privacy, mobile networks, containers, 5g, security
Disciplines: Communication networks, Computer system architecture, Computer system security, Cryptography, privacy and security
Project type: PhD project