- Title
- On the design of security policies for service function chains in 5G networks
- Creator
- Santhosh, Jesty Mariam
- Relation
- University of Newcastle Research Higher Degree Thesis
- Resource Type
- thesis
- Date
- 2025
- Description
- Masters Research - Master of Philosophy (MPhil)
- Description
- The rapid evolution of networked systems, such as 5G, has revolutionized service delivery across diverse applications and devices with varying, often conflicting, requirements. This transformation has been facilitated by the softwarization of networks, employing Software-Defined Networking (SDN) and Network Function Virtualization (NFV) technologies, which offer programmability, flexibility, and modularity. However, the security challenges in this increasingly complex landscape of virtualized services have become significant. The successful delivery of end-to-end services in 5G networks often necessitates a range of service functions. Hence, chaining service functions has become essential when it comes to meeting the diverse and evolving service demands of 5G. Service Function Chains (SFCs) orchestrate a series of Virtual Network Functions (VNFs) or Service Functions (SFs) to deliver network services, with data traversing these functions in a predetermined order. Ensuring the security and trustworthiness of SFCs is critical in 5G networks, which rely heavily on such chains to manage diverse and dynamic service requirements. The main aim of this thesis is to investigate the security and trust challenges inherent in SFCs in 5G networks with a view to synthesizing secure service function chains by design. To achieve this objective, the thesis has adopted a policy driven approach to composing secure service function chains. This approach enables a policy-aware instantiation and orchestration of service function chains satisfying specified security policies. We develop a policy language to specify the required security policies capturing the security requirements that the service function chains need to satisfy. We propose a security policy aware (SPA) model to represent, evaluate and enforce the security policies. Then the SPA model is implemented in the form of a security policy layer (SP Layer). 
The SP Layer is integrated within an open virtualized network platform for 5G networks. We have analysed the applicability of the proposed security policy aware model (SPA model) in two practical use case scenarios, namely a video streaming service and an Internet of Medical Things (IoMT) service. These scenarios illustrate the use of SFCs in the provision of services and the types of security constraints that need to be enforced to meet the regulatory, operational, and security requirements, ensuring the secure delivery of network services. We have also carried out an analysis of the implemented SP Layer prototype by performing a range of experiments on the computational time and memory required for different types of security policies and different service functions and SFCs. These findings show that the proposed security policy model and mechanisms ensure security compliance, which is highly beneficial in synthesizing secure network services in 5G. However, the performance results also indicate the need for optimization of SFC configurations such as balancing the service function distribution across virtual machine infrastructures to enhance memory efficiency and reduce latency, especially for complex service function chains. Finally, we provide a discussion comparing our model with recent relevant research works. Through these comparisons, we highlight the strengths of our proposed security policy model as well as identify the areas where our model diverges from or improves on existing solutions. In summary, the policy driven approach has an important role to play in the synthesis of secure service function chains for the provision of network services in 5G networks. This has been demonstrated with our security policy aware model (SPA model), its instantiation in the form of the security policy layer, and the integration of the security policy layer within an open network virtualization platform.
- Subject
- 5G security; SDN; SFC; NFV; VNF; Open-MANO
- Identifier
- http://hdl.handle.net/1959.13/1518403
- Identifier
- uon:57282
- Rights
- Copyright 2025 Jesty Mariam Santhosh
- Language
- eng
- Full Text
File | Description | Size | Format
---|---|---|---
ATTACHMENT01 | Thesis | 5 MB | Adobe Acrobat PDF
ATTACHMENT02 | Abstract | 613 KB | Adobe Acrobat PDF