Virtual Open Systems Scientific Publications
2nd Workshop on 5G Cloud-Native Design (5GCND) in conjunction with IEEE Wireless Communications and Networking Conference (IEEE WCNC 2019), Marrakech, Morocco.
Security, virtualization, cloud, edge computing, Trusted Execution Environment, TEE, OP-TEE, Arm TrustZone, VIM, Virtualized Infrastructure Manager, OpenStack
This work has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 761508 (H2020 5GCity project).
The Fifth Generation (5G) mobile networks promise faster connectivity and futuristic applications and services. In order to meet the high expectations, 5G joins forces with virtualization technologies like Network Functions Virtualization (NFV) and adopts cloud-native solutions. At the same time, it relies on shifting the computation to the network edge for offloading computing power, local caching, minimized latency and flexibility in the deployment. However, the new opportunities unlock new security challenges. Man-in-the-middle, denial-of-service attacks and tampering are now becoming easier because of the scattered devices and their varying locations. Meanwhile, the dynamic nature of the cloud raises the need for on-time threats prevention.
In this work, we propose a way to answer the new challenges by bringing trust into the virtualized edge infrastructure. We present our contributions to the development of security services for platform authentication and integrity, hosted inside a Trusted Execution Environment (TEE). We also evaluate the performance overhead of our work and suggest future improvements.
The Fifth Generation (5G) mobile networks are promising greater data capacity and speed as well as enabling new applications and services. Cloud computing and virtualization have become an integral part of these networks that are today becoming more dynamic and agile thanks to cloud-native and edge computing technologies. In particular, edge computing brings the benefits of reduced network traffic, location-awareness and low-latency while cloud-native solutions improve performance and reduce cloud services footprint. However, both open new security challenges. In fact, the edge computing scattered architecture and the wireless connectivity increase the risk of man-in-the-middle attacks, with a major threat of device tampering or replacement. Moreover, cloud-native solutions aim to simplify all levels of the 5G software stack, optimizing it for cloud execution and removing unnecessary dependencies with bare metal solutions. Nevertheless, they significantly rely on the virtualization infrastructure for security. Among the many known aspects of the cloud-native and edge security, the protection of the virtualization infrastructure and the platform integrity are the focus of this work.
We propose a trusted edge computing infrastructure based on Arm edge devices. In addition, we add attestation extensions to OpenStack, one of the most widely adopted open-source cloud managers. The combination of a remote attestation integrated into the virtualized infrastructure management software and a trusted pool of devices brings a secure and trusted virtualized edge.
As part of this work, we perform a series of measurements showing the trade-off between performance and increased security. The experiments are conducted using standard virtual machines (VMs), showing the worst-case scenario in terms of guest boot times. However, the same concept is still applicable when working with unikernels or containers which can achieve a faster boot.
Access the full content of this publication
Login or register to access full information
- Vosysmonitor ecrts2017
- Rdma virtualization hpcs2017
- Hpc exascale dsd2017
- Vfpgamanager reconfig2017
- Safe split display icons2018
- Edge vim bmsb2018
- Openflow vswitch fmec18
- Vosysvirtualnet sies2018
- Egvirt als2018
- Vfpgamanager bmsb2018
- Microvm benchmark eucnc2018
- Vosysmonitor safety fruct23
- Egvirt aglamm2018
- Geofencing trustedvim eucnc2019
- Vfpgamanager eucnc2019