When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.
Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.
Abstract
Over the last decade, Network Functions Virtualization (NFV) has emerged as an innovative networking architecture that exploits sophisticated virtualization technologies to decouple Network Functions (NFs) from proprietary physical boxes. However, the multi-level and multi-factor nature of such an architecture may lead to novel security threats and challenges, e.g., stealthy attacks may cause a mismatch to silently arise between tenant-level specifications of Virtual Network Functions (VNFs) chains and their cloud provider-level deployment. Therefore, to safely harness the advantages of NFV, it is essential to implement suitable security auditing mechanisms to ensure security compliance and identify any security breaches. Nonetheless, existing security auditing mechanisms may face novel challenges in the context of NFV. First, NFV tenants typically have limited access to the underlying cloud infrastructure, while the cloud provider is typically reluctant to share its data with the tenants due to potential data confidentiality and privacy concerns. Second, fully relying on the cloud provider to perform the security auditing may not be sufficient, since the cloud provider is typically unaware of the specific requirements of every tenant, and consequently, modifications made by a stealthy attacker may seem legitimate to the provider. Finally, most of the existing solutions require instrumentation of the cloud-level deployment of VNFs or modifications to the cloud infrastructure, which is unrealistic in real-life scenarios. This thesis proposes a series of novel security auditing solutions for both the tenants and the provider of NFV, while addressing the limitations of existing works.
First, to address the tenants’ limited access and the provider’s reluctance to share data, we propose an interactive and customizable anonymization tool, namely iCAT, for the cloud provider to enable selective data sharing in a privacy-preserving manner while taking into account the requirements of both the tenants and the provider, specified in natural language. To this end, we first define the novel concept of anonymization space to model all combinations of per-attribute anonymization primitives based on their levels of privacy and utility. Then, we leverage NLP and ontology modeling to provide an automated way to translate the textual requirements of data owners and data users into appropriate anonymization primitives. Second, to avoid relying only on the provider for security auditing, we propose a tenant-based, two-stage solution. The first stage leverages tenant-level side-channel information to identify suspected integrity breaches, and the second stage then automatically identifies and anonymizes selected provider-level data for the tenant to verify the suspected breaches from the first stage. The key advantages of our solution are: i) the first stage gives tenants more control and transparency (with the capability of identifying integrity breaches without the provider’s assistance), and ii) the second stage provides tenants higher accuracy (with the capability of rigorous verification based on provider-level data). Third, to provide tenants with even stronger security guarantees, we combine the rigor of a cryptographic solution with the zero overhead of side-channel watermarking. Specifically, we propose a lightweight solution for tenants to perform continuous detection and classification of cloud-level attacks on service function chains. Our main idea is to “virtualize” cryptographic trailers by encoding them as side-channel watermarks. This provides the best of both worlds, i.e., verifiable attack detection and classification without the overhead.
We tackle several key challenges such as encoding virtual trailers within limited side-channel capacity and minimizing packet delay.
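To make the “virtualized trailer” idea concrete, here is an added illustration that is not code from the thesis or from the iCAT project. It assumes a particular side channel (the sender chooses one of two inter-packet delays, so each gap carries one watermark bit), a particular trailer (an HMAC-SHA256 over the packets of a window, truncated to the number of gaps available, which is how the limited capacity is handled), and a coarse classifier that distinguishes an intact window, a window whose contents were modified in transit, and a window that lost packets. All packet payloads, keys, window sizes and delay values are constructed for the example.

```python
import hashlib
import hmac

# Constructed side-channel parameters (assumptions for this example): a 0 bit is
# signalled by a short gap between consecutive packets, a 1 bit by a longer one.
GAP_ZERO = 0.001                    # seconds
GAP_ONE = 0.003                     # seconds
THRESHOLD = (GAP_ZERO + GAP_ONE) / 2  # decode boundary; jitter below +/-0.001 s is tolerated


def virtual_trailer(key, window_id, payloads, nbits):
    """Compute the 'trailer' the sender would normally append to the traffic:
    an HMAC over the window id and every payload, truncated to nbits because
    the side channel can only carry one bit per inter-packet gap."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(window_id.to_bytes(4, "big"))       # binds the tag to this window
    for p in payloads:
        mac.update(len(p).to_bytes(2, "big"))      # length prefix: no boundary ambiguity
        mac.update(p)
    digest = mac.digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(nbits)]


def emit_window(key, window_id, payloads, start=0.0):
    """Sender side: schedule the packets so that the gaps between them encode the
    truncated MAC. Returns a list of (send_time, payload); no bytes are added."""
    bits = virtual_trailer(key, window_id, payloads, len(payloads) - 1)
    t = start
    scheduled = [(t, payloads[0])]
    for bit, p in zip(bits, payloads[1:]):
        t += GAP_ONE if bit else GAP_ZERO
        scheduled.append((t, p))
    return scheduled


def extract_bits(observed):
    """Receiver side: recover the watermark bits from the observed timing."""
    return [1 if (t2 - t1) > THRESHOLD else 0
            for (t1, _), (t2, _) in zip(observed, observed[1:])]


def verify_window(key, window_id, expected_count, observed):
    """Tenant-side check of one window. Returns a coarse classification:
    'ok'       - timing watermark matches the MAC recomputed over what arrived
    'dropped'  - fewer/more packets than the agreed window size
    'modified' - right packet count, but contents no longer match the watermark
    A modified-and-replaced packet keeps the count and is reported as 'modified'."""
    if len(observed) != expected_count:
        return "dropped"
    payloads = [p for _, p in observed]
    expected = virtual_trailer(key, window_id, payloads, len(observed) - 1)
    got = extract_bits(observed)
    return "ok" if hmac.compare_digest(bytes(expected), bytes(got)) else "modified"


if __name__ == "__main__":
    key = b"constructed-tenant-key"
    window = [f"pkt{i}".encode() for i in range(33)]   # 33 packets -> 32-bit trailer
    sent = emit_window(key, window_id=7, payloads=window)
    print(verify_window(key, 7, len(window), sent))    # expected: ok
    tampered = list(sent)
    tampered[5] = (tampered[5][0], b"pkt5-altered")
    print(verify_window(key, 7, len(window), tampered))  # expected: modified
```

The capacity trade-off the abstract mentions is visible in `virtual_trailer`: a window of N packets yields only N-1 watermark bits, so a 33-packet window gives a 32-bit tag and a forger who changes a payload passes verification with probability about 2^-32 per window; shorter windows reduce detection latency but weaken each individual check, and a tenant would typically require several consecutive windows to verify before trusting the chain. The timing threshold sits halfway between the two gap values so that modest network jitter does not flip bits; larger jitter would require wider spacing, which is exactly the packet-delay cost the abstract says must be minimized.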