Professional Documents
Culture Documents
Vulnerabilities
Abstract—Network functions virtualization (NFV) is a new encourage innovation and competition in both the
paradigm in the network technology domain. NFV decouples telecommunication industry and academia [5].
network functions (NFs) from proprietary appliances and
deploys these functions into high-volume servers such as the x86. Another emerging network technology is the SDN, which
Instead of having NFs on propriety devices that are built-in enables networks to decouple underlying functions from the
software, NFV leverages virtualization to deploy NFs on high- hardware into different planes such as data and control planes
volume servers. This will enable innovations and opportunity for [11]. SDN and NFV are highly complementary and can work
industry and academia. In contrast with traditional networks, together, creating an interesting industry trend [12].
NFV reduces the capital expenditure (CAPEX) and operating Consolidating SDN with NFV can be great because of the
expenses (OPEX). However, its security becomes crucial. greater benefits they provide together [5]. However, SDN can
Specifically, virtualized network functions (VNFs) are an stand alone, as can NFV [12].
important part of NFV. In this paper, we aim to investigate
security issues in VNFs. Furthermore, we discuss security With all due respect to NFV’s benefits, its security issues
challenges in software defined networks (SDNs) when virtualized play critical roles and need to be addressed. More specifically,
as VNFs. In this paper, we also highlight some important VNFs become a significant part of NFVs’ architecture.
research directions in NFV that need more investigation to Therefore, VNFs can be vulnerable to diverse attacks from
mitigate security attacks. inside, outside and between VNFs. This paper, will investigate
specific security issues in VNFs. Furthermore, we will explore
Keywords—Network function virtualization; virtual network and discuss security challenges in SDN as virtualized as VNFs.
functions; NFV; security; VNF; Software Defined Network; SDN This paper also highlights some research directions in NFV
that necessitate more study to mitigate security attacks.
I. INTRODUCTION
Traditional networks operate and deploy in physical This paper is structured as follow: Section II briefly
proprietary devices that have their own software running [1]. outlines the architecture of NFV and SDN as VNFs. Section
The devices usually are built-in software to provide specific III discusses security issues in VNFs and SDN as VNFs.
network functions [2]. To provide services to consumers, the Section IV highlights some important research directions in
telecommunications industry must buy, store, and operate new NFV. Finally, we conclude this work in section V.
physical devices [2]. All the traditional network requirements
take long product cycles to provide service, and these II. OVERVIEW
requirements cause high CAPEX and OPEX [2].
To address these issues, NFV was proposed in 2012 at the A. NFV Architecture
SDN & OpenFlow World Congress [3]. NFV provides a new This section briefly outlines the architecture of NFV and
trend for telecommunication service providers (TSPs), and how it works. Moreover, this section discusses SDNs as
changes the way traditional networks operate [3]. The idea VNFs.
behind NFV is to decouple NFs from the proprietary
appliances’ hardware and leverage virtualization to run on The European Telecommunication Standards Institute
high-volume servers such as the 86x [2]. To illustrate, (ETSI) defines and produces different documents for NFV [6].
traditional networks have implemented NFs in proprietary One of these documents addresses NFV’s architecture
hardware that is limited to vendor specifications that cannot be framework.
changed [4]. Fig. 1 shows the high-level architecture of NFV, which
NFV, though, enables the network to implement NFs such consists of three main parts [7]:
as firewalls, gateways, and load balancers as virtualized
software running on high-volume servers instead of
proprietary hardware appliances. [4]. This process will