The fifth generation of mobile networks (5G) will support new business and service models. A particular model of business and technical interest is multi-operator service orchestration, where service chains are created dynamically with coordination across multiple administrative domains. In such a scenario, resource sharing among operators is expected to be enabled by emerging network softwarization technologies such as Software-Defined Networking (SDN) and Network Functions Virtualization (NFV). On top of the inherent security issues of network softwarization, the complex relationships between operators add a unique dimension to the fundamental requirements for 5G networks. It is a key objective for network operators to identify new threats and security issues before deploying novel methods for service orchestration. This chapter elaborates on new security challenges posed by multi-operator service orchestration as defined by the H2020 5G-PPP 5G Exchange project. We revisit current standards and recommendations from ITU-T and ETSI under the scope of SDN and NFV. In addition, we present a method for threat analysis as well as gaps between requirements and current security schemes and standards, opening new research directions.
Software-Defined Networking (SDN) has evolved as a new networking paradigm to solve many of current obstacles and limitations in communication networks. The SDN technology is going to be implemented in multi-tenant environments like data centers where several customers, which are called "tenants", share network resources. In fact, the integration of SDN allows tenants in a shared network to have higher levels of control over available resources. While this approach has several advantages, the isolation between the tenants of a shared network becomes a vital factor which has not been discussed clearly so far. This thesis discusses multi-tenancy and explains current isolation approaches in a multi-tenant SDN. For increasing isolation between tenants, this thesis proposes a scalable solution that provides traffic isolation, address space isolation, control isolation and performance isolation. In the new system architecture, tenants are not limited to their own networks and they are able to make interaction with each other and external resources. Indeed, while tenants are isolated from each other, they are allowed to access special services offered by other tenants or external services outside of a shared network.The evaluation of the prototype proves that the new architecture provides a high level of isolation in a multi-tenant SDN and it is scalable enough to be implemented in large networks with millions of tenants.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.