High Performance and Safe Multi-Tenant Network Function Support

Bibliographic Details
Published in: ProQuest Dissertations and Theses (2025)
Main author: Han, Xinyu
Published:
ProQuest Dissertations & Theses
Subjects:
Online access: Citation/Abstract
Full Text - PDF

MARC

LEADER 00000nab a2200000uu 4500
001 3172878690
003 UK-CbPIL
020 |a 9798304996891 
035 |a 3172878690 
045 2 |b d20250101  |b d20251231 
084 |a 66569  |2 nlm 
100 1 |a Han, Xinyu 
245 1 |a High Performance and Safe Multi-Tenant Network Function Support 
260 |b ProQuest Dissertations & Theses  |c 2025 
513 |a Dissertation/Thesis 
520 3 |a Network customizability and configurability are key requirements for data center servers and the cloud, as they need to provide different virtual networks containing different functionalities for different tenants. Network Functions (NFs) are means for providing this. However, the goal of managing performance, efficiency, security, and tenant-customizability of Network Functions is a challenging problem for those data center servers and the cloud. Network Functions have become programmable and enable generic packet processing like network virtualization, transformation, and intrusion detection. While those NFs are equipped with more and more powerful features because of the softwarization, the complexity of NFs has exposed large attack surfaces that compromise system confidentiality, integrity, and availability. Recent popular NF infrastructures are often only able to achieve high performance at the cost of security concerns like tenant isolation. They usually require privileged access to the system kernel or hardware for performance, but this means that NFs running within the infrastructures can also gain administrative control of the system and then compromise the system because of potential bugs or vulnerabilities. Vectorized Packet Processing (VPP) is such an exemplary NF infrastructure for multi-tenant virtualization and container platforms. NFs running in VPP can not only access any of the messages coming in and send them out, but also prevent the entire system’s communication through the network because of its direct control of the network hardware, thus causing potential data leaks and outages. These NF infrastructures also typically rely on massive amount of code and are extremely complex, therefore becoming difficult to attest for safety and security.
Although there are other frameworks focusing on NF isolation to improve security, they fail to provide high performance, making them unsuitable for data center servers. In this thesis, we propose abstractions and mechanisms to implement a high performance and safe multi-tenant NF infrastructure to address the above problem. Firstly, we introduce a high level abstraction that aims to provide a paradigm for both efficient and safe multi-tenant NF execution. Then, we show the implementation and system of the abstraction can provide the strongly isolated multi-tenant NF execution model while maintaining high performance. Lastly, we evaluate multiple aspects of the system, including performance, isolation properties, and trusted computing base. We prove that the system can be a foundation for the high performance and safe multi-tenant NF execution infrastructure, which can potentially be leveraged by not only data centers and cloud intelligent networks but also edge computing and Internet of Things (IOT) scenarios.
653 |a Computer science 
653 |a Computer engineering 
653 |a Web studies 
653 |a Information technology 
773 0 |t ProQuest Dissertations and Theses  |g (2025) 
786 0 |d ProQuest  |t ProQuest Dissertations & Theses Global 
856 4 1 |3 Citation/Abstract  |u https://www.proquest.com/docview/3172878690/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch 
856 4 0 |3 Full Text - PDF  |u https://www.proquest.com/docview/3172878690/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch