ABSTRACT

Network Functions Virtualization (NFV) has emerged as a technology to provide virtualized implementations of hardware-based equipment such as firewalls, routers, and Intrusion Detection Systems (IDS). Virtual Network Functions (VNFs) can be realized through virtual machines (VMs) or containers running on top of the physical servers of a cloud computing infrastructure.

SDN acts as an enabling technology for NFV. Despite the great benefits offered by SDN and NFV, security, privacy and trust management remain an important problem to be addressed. The architecture of SDN and NFV has been discussed in previous chapters. In this chapter, we discuss the security challenges faced by the different components of SDN and NFV that should be considered before deploying SDN/NFV technologies in a cloud network or data center. Some of these challenges are inherited from traditional network architecture, and some are introduced by the SDN/NFV framework itself.

We survey the threat model and security challenges in NFV in Section 5.1. Section 5.2 is dedicated to the classification of NFV security from the perspective of intra- and inter-VNF design. We also introduce some of the defense mechanisms that are used in NFV to deal with current threat vectors. In Section 5.3, we consider SDN security threat vectors. Section 5.2.2 provides guidelines for the design of a secured SDN platform. Additionally, we discuss the threat vectors specific to the SDN data plane, SDN architecture, OpenFlow protocol and OpenFlow switching software in this section.