NFV Security Tutorial

Understanding the security landscape when implementing NFV

Tuesday 13 June 2017 - Amphi Iris 

The NFV Security tutorial will run in parallel with the eIDAS workshop. 

This event is designed to educate attendees on security concerns facing operators and providers as they move forward with implementing NFV. While the topics are focused on security and are technical in nature we believe any individual responsible for designing, implementing or operating a NFV system in an organization will benefit from this session.

Attendees should expect to learn about some of the unique security challenges associated with NFV from both a technology and process viewpoint.

An overview of the scope of the NFV-SEC Working Group will be provided and the following topics will be covered:

  • Issues specific to virtualized environments (shared resources, timekeeping, attack vectors)
  • The value of hardware security devices and security enclaves
  • Overview of hardware attestation
  • Potential issues related to enhanced packet processing and confinement technologies
  • Security related issues when using "commercial off the shelf" (COTS) and open-source software
  • Overview of Attribute Based Access Control (ABAC)
  • Establishment of trust in a multi-layer and multi-administrator environment
  • Issues associated with software defined and overlay networks
  • Security management and monitoring principles

Demonstrations will be used to illustrate scenarios when possible.

The NFV Security Programme Committee is pleased to present the following tutorial programme:

09:00-09:10 Welcome and Objectives of the Day
Michael Lazar, DataArt Solutions Inc and Matt Carus, National Cybersecurity Centre
09:10-09:45 Session 1: NFV Security
  Why is security different for virtualized systems?
This session will introduce and cover security considerations specific to virtualized and NFV environments including:
  • Shared resources
  • Timekeeping
  • Attack vectors unique to virtualization
10:15-10:45 Coffee and Networking Break
10:45-11:45 Session 2: Building a good foundation for NFV Security
  This session will provide an overview of Attestation, hardware security devices, hardware security enclaves as well as software confinement technologies including:
  • Root of Trust
  • Trusted Platform Modules
  • Trusted Execution and TrustZone
  • Using commercial off the shelf components (COTS)
  • Attestation, Remote Attestation and "Secure Booting"
  • Software Confinement (e.g. SELinux)
11:45-12:30 Session 3: Software Issues
  This session will build up on the previous session and discuss the software issues that impact virtualized security including:
  • Enhanced Packet Processing concerns
  • Open Source concerns
  • Software Defined Networking and overlay networks
12:30-14:00 Networking Lunch
14:00-14:30 Session 4 : Security management and monitoring principles
  This session discussion issues with the establishment of trust in a multi-layer and multi-administrator environments and will introduce the concept of Attribute Based Access Control (ABAC)
14:30-14:45 Coffee and Set up for Capture the Flag Exercise
14:45-17:50 Session 5: Hands on Capture the Flag Exercise
  This hands-on session will provide all levels of participants to see the implications of security in a functional NFV environment.
Participants will be given access to NFV tenant machines and the instructors will guide them through various hands on scenarios.
17:50-18:00 Wrap up of the Day
18:00 - 20:00 Cocktail