Pushing forward security in Network Slicing by leveraging Continuous Usage Control
Martini B;
2020-01-01
Abstract
Fifth generation softwarized network systems will make it possible to flexibly partition the network infrastructure into logically independent network slices, hosting end-to-end network services able to dynamically meet the diverse requirements of vertical industries. However, the high dynamicity of NFV-related operations and the interdependence of multiple slices running on top of a shared underlying infrastructure pose peculiar security challenges. In this article we investigate how such challenges can be addressed in the context of the management and orchestration (MANO) security functions within the ETSI NFV architectural framework. In particular, we target access control and authorization functions, and we discuss how to advance them for network slicing deployments with continuous and closed-loop usage control mechanisms. We also present a proof of concept of a MANO framework extended with UCON capabilities able to regulate the access and use of network slices according to customizable security policies. Preliminary performance evaluation proves the effectiveness of the proposed approach with minor impact on the user experience and prompt reaction time to security policy violations.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.