Public
Preliminaries: ISO 7 Layer Protocol Stack
L7: Application
L4: Transport
L3: Network
L2: Data Link
[Machine] Addressing, encryption, routing, authentication, identity, eg: IP addressing, protocols such as: TCP, BGP, SS7, Diameter, HTTP(s) etc…
L7: Application
L6: Presentation
L5: Session
L4: Transport
L3: Network
L2: Data Link
L1: Physical
Meta-Data
• Network address, subnets, etc
• IP, Telephony, GT, etc.
• Machine identity
• Packet flow and ordering, inc. sequence and nonce values
• Timing
• Protocol
• Browser/Client information and configuration
• API calls and parameters
• Encryption and authentication parameters
• Location, language
• Session parameters
• …
5G
• eg: An SDN router may be physical or implemented as a VNF
Privacy
•Content of data
•Information leakage
•LI and Surveillance
•Routing, storage and computation of data
•Geography and jurisdiction
•"Traditional"
These do not go away, but we now have more opportunities for these as well as mitigations
•SDN
•Data Plane
• Denial of Service
• Topology detection
• Probing
•Control Plane
• Deliberate (or accidental) configuration
• Internal vs External access
• Human vs Automatic (Service orchestration) access
•Management Plane
[Diagram labels: VNF, VNF, VNF, Traffic Mgmnt, Load Balancing, Controller, Management]
•MANO & Orchestration
• Security orchestration
• Log file
•LI/Surveillance/BigData
•Multitenancy
•[Security] Domain Management
•Process Mobility
•Geographical
•LI / Surveillance
•Domains
•Hypervisor
[Diagram labels: application (×6), O/S (×3, …), VM (×3, …), Hypervisor]
•Memory integrity
•Trusted compute environments
•Underlying hardware
•Hardware (network) acceleration
•Multi-tenancy threats
[Diagram labels: Hardware, CPUs, Trust, Module, Memory, Storage, Network, Interfaces, Acceleration, Physical]
•Towards 2020
•Privacy
•Security monitoring for SDN, NFV
•Geographical/Jurisdictional Trust
•Privacy Orchestration
•Security Orchestration
•Advanced novel encryption: eg: homomorphic
•Advanced packet filtering
•Multitenancy
•Malware detection
•VNF mobility
•Traditional PC/Device security in the cloud
•Machine learning
•Higher level attack detection
•Content detection in the presence of encryption
•HLR/VLR integrity
•Honeypots
•SDN reconfiguration
•SDN rerouting
•Orchestration integrity
•Honeypots as a service
•Legacy Protocols
•SS7 vs Diameter