TY - GEN
T1 - Towards a 5G security architecture
T2 - 13th International Conference on Availability, Reliability and Security, ARES 2018
AU - Blanc, Gregory
AU - Kheir, Nizar
AU - Ayed, Dhouha
AU - Lefebvre, Vincent
AU - Montes de Oca, Edgardo
AU - Bisson, Pascal
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/8/27
Y1 - 2018/8/27
N2 - 5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.
AB - 5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.
KW - Network slicing
KW - Security as a service
KW - Software-defined security
UR - https://www.scopus.com/pages/publications/85055291480
U2 - 10.1145/3230833.3233251
DO - 10.1145/3230833.3233251
M3 - Conference contribution
AN - SCOPUS:85055291480
T3 - ACM International Conference Proceeding Series
BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security
PB - Association for Computing Machinery
Y2 - 27 August 2018 through 30 August 2018
ER -