Attack Detection, Investigation, and Mitigation for Network Functions Virtualization (NFV) скачать в хорошем качестве

Attack Detection, Investigation, and Mitigation for Network Functions Virtualization (NFV)

22nd Annual International Conference on Privacy, Security & Trust, August 2025. Attack Detection, Investigation, and Mitigation for Network Functions Virtualization (NFV) by Dr. Lingyu Wang, Professor of Computer Engineering, School of Engineering, UBC Okanagan. By decoupling network functions from proprietary physical boxes, Network Functions Virtualization (NFV) allows tenants to host their network services on top of existing clouds managed by third-party providers. NFV may also lead to novel security challenges at different abstraction levels. In this talk, I will present three of our recent works on securing NFV through attack detection (USENIX Security'24), attack investigation (S&P’25), and attack mitigation (NDSS'24). First, NFV tenants typically cannot directly inspect the underlying cloud infrastructure to detect cloud-level attacks on their network function deployment. Existing solutions add a cryptographic trailer to every packet, which may incur significant performance overhead. We propose ChainPatrol, a lightweight solution for tenants to perform continuous detection and classification of cloud-level attacks on SFCs. Our main idea is to “virtualize” cryptographic trailers by encoding them as side-channel watermarks, such that those trailers can be transmitted without adding any extra bit to packets. Second, while provenance analysis is one of the go-to solutions for investigating security incidents, existing solutions share the limitation of merely regarding the incident as an abstract starting point. We observe that doing so may lead to missed opportunities for pruning the provenance graph, since the incident is typically associated with rich external information about the corresponding vulnerability or exploit. Based on such an observation, we propose CONTEXTS, a solution that complements existing pruning approaches by leveraging such external information about the incident. Third, unpatched vulnerabilities in containers represent a major challenge to mitigating attacks in NFV environments. The average time-to-patch of zero-day vulnerabilities has stayed above 100 days in recent years, which leaves a wide attack window. We propose Phoenix, a solution for blocking exploits of unpatched vulnerabilities by accurately and efficiently filtering sequences of system calls identified through provenance analysis. To achieve this, Phoenix cleverly combines the efficiency of Seccomp filters with the accuracy of Ptrace-based deep argument inspection, and it provides the novel capability of filtering sequences of system calls through a dynamic Seccomp design. Dr. Lingyu Wang is a Professor of Computer Engineering in the School of Engineering at UBC Okanagan. Prior to joining UBC, he was a Professor in the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University. He held the NSERC/Ericsson Industrial Research Chair (IRC) in SDN/NFV Security between 2019 and 2024. He received his Ph.D. degree in Information Technology in 2006 from George Mason University, USA. His research interests include cloud computing security, SDN/NFV security, network security metrics, software security, and privacy. He has been the principal investigator of over four million dollars of research grants. He has co-authored seven books, six patents, and over 150 conference and journal articles, including many published at top security conferences/journals such as S&P, CCS, USENIX Security, NDSS, TOPS, TIFS, TDSC, JCS, etc. He was the recipient of several best (student) paper awards. He has (co-)supervised 50 graduate students, among whom 10 former Ph.D. students are currently holding academic positions. He has served on the editorial boards of IEEE Transactions on Dependable and Secure Computing (TDSC), Computers & Security, and Annals of Telecommunications (ANTE). He has also served as the program (co)-chair of seven international conferences and the technical program committee member of over 150 international conferences. ------------------------------- To learn more about the Canadian Institute for Cybersecurity watch,    • Canadian Institute for Cybersecurity   Annual International Conference on Privacy, Security & Trust, https://pstnet.ca/pst2025/ #CybersecurityAwareness #CyberSecurity #NFV #CloudSecurity #AcademicResearch #AI #NetworkSecurity #Innovation Stay connected with us! Twitter:   / cic_unb   Facebook: https://fb.me/cicunbca LinkedIn:   / canadian_institute_cybersecurity   Blog: https://cyberdailyreport.com/blog Website: https://www.unb.ca/cic/ Canadian Institute for Cybersecurity University of New Brunswick 46 Dineen Drive, Fredericton, NB E3B 9W4