Network Management & Virtualization Isolation

5G-ENSURE analyses the security implications of multi-domain software-defined networks and virtualized network functions. The goal is to develop solutions that mitigate security threats in software-defined networking (SDN). These threats become even more evident when network resources are shared widely, as in the 5G architecture. In particular, strict policy control on the central controllers and secure virtualization isolation are mandatory.

Challenges addressed
The management of 5G networks will fundamentally change through applying the principle of SDN. While 4G networks already have a clear split between data plane and management plane, the adoption of SDN in 5G networks will further evolve network management with a more centralized approach. Centralized control of the overall network infrastructure has huge potential for simplifying network management and for offering new, richer, and more flexible network services. This potential is complemented by the programmable nature of SDN networks, which in turn eases the virtualization of networks. However, centralized control represents a valuable target for attacks and a single point of failure.
Generally, the security benefits and drawbacks of SDN are not yet well explored, not even in small-scale applications. When it comes to the 5G back-haul network, where multiple virtualised or SDN domains may be cooperating, security and resilience urgently need to be considered.

Relevance for 5G-ENSURE
The Network Management & Virtualisation Isolation security enablers aim at securing a network's control plane and the virtualized networks on top of it. They will account for shared (physical) network resources between different network and service providers, which might have competing objectives. Enablers for securing network services will provide new security services for the creation and management of isolated (virtualized) network segments in which fine-granular network flow policies can be enforced.