Objective 6: Secured service provisioning with Software Defined Networking and Network Function Virtualization

Motivation

SDN arises as a promising technology to achieve a more dynamic and flexible provisioning of services with carrier-class. Other related technologies are appearing as a step forward to improve and complement this approach, like NFV (Network Function Virtualization) or NSC (Network Service Chaining). To move this proposal into production the security must be considered as a design parameter, being a key topic to be covered to avoid unauthorized connections and deliver these services in a secure manner. Supporting a very dynamic and fine-grained Identity-based service provisioning over shared/virtualized networks developed with NFV and NSC demands an exhaustive study of the security implications in every stage of the process.

In this objective, the NFV-compliant security architecture for SDNs will be developed and evaluated. The feasibility of deploying NFV-compliant AAA services in a virtualized network will be analysed and the corresponding architecture will be designed. The challenges that Network Service Chaining brings up will be analysed. Considering the explored challenges, identity-based security mechanism needed for the Network Service Chaining deployment in a multiprovider, multitenant, multidomain environment will be explored defining an architecture that provides security for NSC.