Sharing Virtualized Network Functions (VNFs) among different slices in Fifth Generation (5G) is a potential strategy to simplify the system implementation and utilize 5G resources efficiently. In this paper, we propose a security-aware VNF sharing model for 5G networks. The proposed optimization model satisfies the service requirements of various slices, enhances slice security by isolating their critical VNFs, and enhances resource utilization of the underlying physical infrastructure. The model tries to systematically decide on sharing a particular VNF based on two groups of constraints; the first group of constraints is common assignment constraints used in the existing literature. The second group is the novel security constraints that we propose in this work; the maximum traffic allowed to be processed by the VNF and the exposure of the VNF to procedures sourced via untrusted users or access networks. This sharing problem is formalized to allow for procedure-level modeling that satisfies the requirements of slice requests in 5G systems. The model is tested using standard VNFs and procedures of the 5G system rather than generic ones. The numerical results of the model show the benefits and costs of applying the security constraints along with the network performance in terms of different metrics.
翻译:在第五代(5G)不同切片之间分享虚拟网络功能(VNF)是简化系统实施和有效利用5G资源的潜在战略。在本文件中,我们提议5G网络采用一个安全觉悟的VNF共享模式。拟议的优化模式满足了各种切片的服务要求,通过隔离其关键VNF加强切片安全,并加强了基本有形基础设施的资源利用。该模式试图根据两组制约,系统地决定分享特定VNF;第一组制约是现有文献中使用的共同派任限制。第二组是我们在这项工作中提议的新颖的安全限制;允许VNF处理的最大流量,以及VNF通过不受信任的用户或接入网络接触到的程序。这一共享问题已经正式化,以便允许在程序层面建立模型,满足5G系统对切片请求的要求。该模式使用标准VNFS和5G系统的程序而不是通用程序进行测试。该模型的数字结果显示了应用不同衡量标准网络业绩的安全限制的好处和成本。</s>