A proposal for trust monitoring in a Network Functions Virtualisation Infrastructure

Network Functions Virtualisation (NFV) is a novel paradigm for softwarisation of network functions that allows an operator to leverage large scale virtualisation to enhance availability and flexibility of typical network and security services offered to end users. Virtual Network Functions are proposed as an alternative to traditional hardware appliances, with the aim of reducing maintenance and upgrade costs and enhance the provisioning and on-demand placement of network functions. Although promising, this paradigm introduces relevant challenges in the field of security, as the attack surface of a virtualised architecture is larger than a traditional hardware-based network platform. In fact, not only it is affected by both generic threats of virtualisation and networking domains, it also introduces new threats due to the combination of these domains. In this work, we propose the design of a centralized monitoring and reporting solution to assess the trustworthiness of a NFV infrastructure, named Trust Monitor. Moreover, we present an open-source prototype for the proposed solution, which is tailored for the Security-as-a-Service use case and integrated with a reference NFV framework