On the establishment of trust in the cloud-based ETSI NFV framework

This paper discusses the open issues in incorporating trust techniques in the NFV environment specified by the ETSI NFV Industry Specification Group, and it analyses available technologies to fill this gap. ETSI is developing security and trust specifications within its NFV-SEC working group, with the aim of establishing and assessing trust of both the hardware platform and the virtualised infrastructure hosting the Virtual Network Functions. Cloud computing, envisioned by ETSI as enabling technology for the deployment of the NFV infrastructure, represents a challenging environment for the establishment of trust. Open issues in this area include applicability of hardware-based trust assessment to a virtualised infrastructure, and integrity and privacy of virtual instances hosted on a multi-tenant platform. This paper discusses the challenges in applying one specific technology, Trusted Computing, to a NFV cloud-based architecture and proposes a concrete solution (based on the Intel OpenCIT framework) to address each issues. Moreover, a mapping between the ETSI NFV security and trust guidance and the OpenCIT capabilities is proposed. Finally, applicability of the solution to the NFV Management and Network Orchestration stack is discussed, with particular attention to the reference implementation promoted by the ETSI-hosted initiative Open Source MANO.