search query: @keyword trust / total: 23
reference: 1 / 23
« previous | next »
| Author: | Ravidas, Sowmya |
| Title: | Incorporating Trust in Network Function Virtualization |
| Publication type: | Master's thesis |
| Publication year: | 2016 |
| Pages: | 88 s. + liitt. 12 Language: eng |
| Department/School: | Perustieteiden korkeakoulu |
| Main subject: | Mobile Computing- Services and Security (T-110) |
| Supervisor: | Aura, Tuomas |
| Instructor: | Oliver, Ian |
| Electronic version URL: | http://urn.fi/URN:NBN:fi:aalto-201611025413 |
| Location: | P1 Ark Aalto 5800 | Archive |
| Keywords: | NFV telecommunications cloud trust TPM orchestration OpenStack |
| Abstract (eng): | This thesis concentrates on ways of establishing trust in a telecommunications cloud environment based on Network Function Virtualization (NFV). Telecommunication network functions can be deployed as software packages known as Virtualized Network Functions (VNF). These VNFs are mission critical network elements such as the Mobility Management Entity (MME) or Home Location Register (HLR), which must be hosted on trusted infrastructure. In such an application, it is important to verify the integrity of both the infrastructure and the VNF in order to reduce the blind trust we place upon it. This leads to challenges, such as finding a balance between resource selection based on trust status and fault tolerance. The goal of this thesis is to understand these challenges in detail, to develop methods to address them, and also to implement a prototype demonstrating these features. We design and implement a trusted telecommunications cloud environment where the infrastructure integrity is verified using trusted computing technologies which use Trusted Platform Module (TPM). We develop a management entity called the Trusted Security Orchestrator (TSecO). This system implements signing of VNF images and VNF-TPM binding to enable VNF integrity checks at launch time and to ensure that VNFs are hosted on the most suitable (trusted) platform available. One particularly interesting problem identified in the experiments is that incorporating trust in NFV may lead to failure situations when the desired trusted resources are not available. We propose a policy-based fault tolerance approach to address the trusted resource selection problem. Altogether, the techniques developed in this thesis are a step towards practical deployment of trusted NFV in the telecommunications cloud. |
| ED: | 2016-11-13 |
INSSI record number: 54944
+ add basket
« previous | next »
INSSI