Abstract
With the emergence of 6G, novel approaches are demanded to identify and address cyber-security, trust and privacy risks threatening the softwarised and virtualised networks and computing infrastructure, and next-generation services. One of the main innovations beyond State-of-the-Art envisioned is to deliver End-to-End Multi-domain Multi-tenant 6G Network Slicing capabilities over Zero-touch Security Network Management.
This paper introduces a novel security enabler deployed in the data plane where network slicing is explored as a security mitigation mechanism. In this way, legitimate traffic can be isolated from harmful traffic and the attacker will have near zero vulnerability surface to compromise the implemented security measures. The proposed solution is centred on Network SelfProtection (NSP) based on the Open Virtual Switch (OVS) platform, to which significant extensions have been undertaken to support Network Slicing capabilities in multi-tenant multidomain beyond 5G networks.
Preliminary experiments show promising results in terms of overhead introduced in the data plane (in the order of microseconds) and high scalability when deploying up to 2048 network slices. The proposed software network slicing enabler is a suitable candidate for coping with network traffic with different levels of nested encapsulation associated with this kind of virtualised infrastructures.
This paper introduces a novel security enabler deployed in the data plane where network slicing is explored as a security mitigation mechanism. In this way, legitimate traffic can be isolated from harmful traffic and the attacker will have near zero vulnerability surface to compromise the implemented security measures. The proposed solution is centred on Network SelfProtection (NSP) based on the Open Virtual Switch (OVS) platform, to which significant extensions have been undertaken to support Network Slicing capabilities in multi-tenant multidomain beyond 5G networks.
Preliminary experiments show promising results in terms of overhead introduced in the data plane (in the order of microseconds) and high scalability when deploying up to 2048 network slices. The proposed software network slicing enabler is a suitable candidate for coping with network traffic with different levels of nested encapsulation associated with this kind of virtualised infrastructures.
Original language | English |
---|---|
Title of host publication | Proceedings of the 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures (SecSoft 2024) |
Subtitle of host publication | St. Louis, USA, Jun 2024 |
Publisher | IEEE |
Number of pages | 6 |
Publication status | Accepted/In press - 3 May 2024 |
Event | 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures - St. Louis, United States Duration: 28 Jun 2024 → … https://secsoft-workshop.org/ |
Conference
Conference | 6th International Workshop on Cyber-Security in Software-defined and Virtualized Infrastructures |
---|---|
Abbreviated title | SecSoft 2024 |
Country/Territory | United States |
City | St. Louis |
Period | 28/06/24 → … |
Internet address |
Keywords
- network slicing
- cyber-security
- 6G
- orchestration
- multi-tenant infrastructures