{"title":"确保 5G 虚拟网络安全:对 SDN、NFV 和网络切片安全性的批判性分析","authors":"Abdulrahman K. Alnaim","doi":"10.1007/s10207-024-00900-5","DOIUrl":null,"url":null,"abstract":"<p>5G, the current generation of communication networks is based on the standards defined by 3GPP and other organizations (ETSI, ENISA, NGMN). These standards define virtual networks supported by three basic technologies, SDN, NFV, and Network Slicing. Virtual networks are primarily built using software and have clear advantages that appear to be reduced because of the corresponding loss in security due to the larger attack surface of this type of network. On the other hand, virtual networks can be made even more secure than hardware-based networks by leveraging the flexibility and adaptability of virtual functions and numerous articles have studied different aspects of their security. Current work goes from proposals for specific mechanisms to general studies of threats and defenses. Some of these are systematic literature reviews considering everything published on a specific theme. We prefer to analyze carefully selected papers considered significant and produce from them an overview of the status of the security of the network technologies used by 5G. After this analysis, we have found that although there are many studies of threats, they are not systematic and have confusions about concepts that may mislead implementers; we also found that the large variety of defenses can be confusing to designers. We have therefore conducted a critical analysis of threats and defenses to provide a clear perspective of how to secure these networks. Based on this perspective, we propose directions for research to improve or extend current defenses. We note that although virtual networks have special characteristics, they are examples of systems and much of the theory of systems security applies to them.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"7 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Securing 5G virtual networks: a critical analysis of SDN, NFV, and network slicing security\",\"authors\":\"Abdulrahman K. Alnaim\",\"doi\":\"10.1007/s10207-024-00900-5\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>5G, the current generation of communication networks is based on the standards defined by 3GPP and other organizations (ETSI, ENISA, NGMN). These standards define virtual networks supported by three basic technologies, SDN, NFV, and Network Slicing. Virtual networks are primarily built using software and have clear advantages that appear to be reduced because of the corresponding loss in security due to the larger attack surface of this type of network. On the other hand, virtual networks can be made even more secure than hardware-based networks by leveraging the flexibility and adaptability of virtual functions and numerous articles have studied different aspects of their security. Current work goes from proposals for specific mechanisms to general studies of threats and defenses. Some of these are systematic literature reviews considering everything published on a specific theme. We prefer to analyze carefully selected papers considered significant and produce from them an overview of the status of the security of the network technologies used by 5G. After this analysis, we have found that although there are many studies of threats, they are not systematic and have confusions about concepts that may mislead implementers; we also found that the large variety of defenses can be confusing to designers. We have therefore conducted a critical analysis of threats and defenses to provide a clear perspective of how to secure these networks. Based on this perspective, we propose directions for research to improve or extend current defenses. We note that although virtual networks have special characteristics, they are examples of systems and much of the theory of systems security applies to them.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"7 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-08-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00900-5\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00900-5","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Securing 5G virtual networks: a critical analysis of SDN, NFV, and network slicing security
5G, the current generation of communication networks is based on the standards defined by 3GPP and other organizations (ETSI, ENISA, NGMN). These standards define virtual networks supported by three basic technologies, SDN, NFV, and Network Slicing. Virtual networks are primarily built using software and have clear advantages that appear to be reduced because of the corresponding loss in security due to the larger attack surface of this type of network. On the other hand, virtual networks can be made even more secure than hardware-based networks by leveraging the flexibility and adaptability of virtual functions and numerous articles have studied different aspects of their security. Current work goes from proposals for specific mechanisms to general studies of threats and defenses. Some of these are systematic literature reviews considering everything published on a specific theme. We prefer to analyze carefully selected papers considered significant and produce from them an overview of the status of the security of the network technologies used by 5G. After this analysis, we have found that although there are many studies of threats, they are not systematic and have confusions about concepts that may mislead implementers; we also found that the large variety of defenses can be confusing to designers. We have therefore conducted a critical analysis of threats and defenses to provide a clear perspective of how to secure these networks. Based on this perspective, we propose directions for research to improve or extend current defenses. We note that although virtual networks have special characteristics, they are examples of systems and much of the theory of systems security applies to them.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.