Open Access
An Integrity Measurement Scheme for Containerized Virtual Network Function
Author(s) - Dazan Qian, Songhui Guo, Lei Sun, Qianfang Hao, Yunfan Song, Miao Wang
Publication year - 2021
Publication title - Journal of Physics: Conference Series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/2137/1/012029
Subject(s) - computer science , virtual network , overhead (engineering) , software deployment , isolation (microbiology) , container (type theory) , computer security , scheme (mathematics) , computer network , embedded system , operating system , engineering , mechanical engineering , microbiology and biotechnology , biology , mathematical analysis , mathematics
Deploying virtual network functions (VNFs) in containers can realize the 5G service-based architecture (SBA) with high flexibility. However, a container carrying a VNF has poor isolation and low protection capabilities, and is at risk of being tampered with or replaced. Current security protection technologies such as access control, intrusion detection, and virus detection cannot ensure that the container has not been illegally modified. In order to fundamentally protect the integrity of containerized VNFs, this paper proposes a trust measurement scheme for containerized VNFs, container integrity measurement (CIM). The scheme extends the chain of trust to bare metal containers and virtual machine containers, and experiments are carried out in a containerized VNF communication environment. The results show that the integrity measurement protection scheme is effective. Compared with ordinary containers, the average CPU usage of trusted containers increased by 26%, and the average memory usage growth rate is less than 1%; the performance overhead caused by CIM is acceptable.
