High Performance and Safe Multi-Tenant Network Function Support

Bibliographic details
Published in: ProQuest Dissertations and Theses (2025)
Main author: Han, Xinyu
Published:
ProQuest Dissertations & Theses
Subjects:
Online access: Citation/Abstract
Full Text - PDF
Description
Abstract: Network customizability and configurability are key requirements for data center servers and the cloud, as they need to provide different virtual networks containing different functionalities for different tenants. Network Functions (NFs) are a means of providing this. However, the goal of managing performance, efficiency, security, and tenant-customizability of Network Functions is a challenging problem for those data center servers and the cloud. Network Functions have become programmable and enable generic packet processing like network virtualization, transformation, and intrusion detection. While those NFs are equipped with more and more powerful features because of softwarization, the complexity of NFs has exposed large attack surfaces that compromise system confidentiality, integrity, and availability.

Recent popular NF infrastructures are often only able to achieve high performance at the cost of security concerns like tenant isolation. They usually require privileged access to the system kernel or hardware for performance, but this means that NFs running within the infrastructures can also gain administrative control of the system and then compromise the system because of potential bugs or vulnerabilities. Vectorized Packet Processing (VPP) is such an exemplary NF infrastructure for multi-tenant virtualization and container platforms. NFs running in VPP can not only access any of the messages coming in and send them out, but also prevent the entire system’s communication through the network because of its direct control of the network hardware, thus causing potential data leaks and outages. These NF infrastructures also typically rely on a massive amount of code and are extremely complex, therefore becoming difficult to attest for safety and security. Although there are other frameworks focusing on NF isolation to improve security, they fail to provide high performance, making them unsuitable for data center servers.

In this thesis, we propose abstractions and mechanisms to implement a high performance and safe multi-tenant NF infrastructure to address the above problem. Firstly, we introduce a high level abstraction that aims to provide a paradigm for both efficient and safe multi-tenant NF execution. Then, we show that the implementation and system of the abstraction can provide the strongly isolated multi-tenant NF execution model while maintaining high performance. Lastly, we evaluate multiple aspects of the system, including performance, isolation properties, and trusted computing base. We prove that the system can be a foundation for the high performance and safe multi-tenant NF execution infrastructure, which can potentially be leveraged by not only data centers and cloud intelligent networks but also edge computing and Internet of Things (IoT) scenarios.
ISBN: 9798304996891
Source: ProQuest Dissertations & Theses Global