Research On Network Slice Deployment For Isolation Requirement

The micro-service architecture of the fifth generation mobile communication system(5G)enables operators to provide more personalized communication services for different vertical users.5G network slicing technology based on Software-Defined Networks(SDN)and Network Function Virtualization(NFV)separates the 5G network control plane from the data plane,and realizes the decoupling of network function and hardware.The 5G network slice is composed of several Virtual Network Functions(VNF)connected to each other to provide end-to-end network services for users.By deploying virtualized VNFs in virtual machines or containers,flexible deployment of network slicing can be achieved.Network slicing shared infrastructure of different vertical users makes the security boundary very blurred.When the host hosting VNF suffers from Virtual Machine(VM)co-resident attacks or container/VM escape attacks,the isolation problem between network slicing has attracted more and more attentions.Therefore,in order to meet the security isolation requirements of network slicing,this paper studies deployment methods of network slicing according to the security isolation requirements in different scenarios.The main work is as follows:1.A network slice deployment method for vertical user isolation is proposed.Firstly,to reduce security risks of network slicing caused by shared infrastructure in the NFV architecture,the deployment architecture of 5G network slicing based on Brewer-Nash(BN)model is proposed,and the security deployment rules of VNF in network slicing are designed based on BN model,so that the network slicing of different vertical users with conflicts of interests are host isolated,thus improving the security of network slicing.Secondly,the security deployment problem is established as integer linear programming model,and the low-cost deployment network slices are realized by minimizing the objective function.Finally,the BN-GA algorithm is designed based on Genetic Algorithm,which can realize the optimal deployment of network slices that meet the requirements of isolation security.Experimental results show that the proposed method can effectively reduce the deployment cost on the premise of ensuring the secure and isolated deployment of vertical user network slices.2.A network slice deployment method for multi-layer isolation is proposed.In order to meet the multi-level security isolation requirements of 5G vertical users in network slicing deployment,a double-layer BN model of 5G network slicing deployment architecture is first proposed,and a double-layer virtualization architecture of virtual machine container is designed based on Service Based Architecture(SBA).Firstly,conflict of interest labels are assigned according to the isolation requirements of network slices,and the isolation deployment strategy of network slices is determined based on the improved BN model deployment rules.Then,the problem is established as an integer linear programming model,and the deployment cost is taken as the objective function,and the low-cost deployment network slices are realized by minimizing the objective function.Finally,IBN-GA algorithm is designed based on genetic algorithm to realize the optimal deployment of network slicing in two-layer virtualization architecture.Experimental results show that the security deployment method proposed in this paper can reduce the deployment cost on the premise of meeting the requirement of multi-layer security isolation of network slice.3.A network slice deployment method for password computing isolation is proposed.In order to meet the isolation requirements of password computing services in network slicing security deployment,an NFV architecture based on password card virtualization was designed based on hardware password virtualization technology,and the allocation policy of password computing resources was set according to the password computing requirements of vertical users.Then,the problem is established as a mixed integer programming model,taking the deployment cost as the objective function,and reducing the deployment cost of network slice by minimizing the objective function.Finally,the deployment algorithm of this method is designed based on genetic algorithm.Experiments show that the proposed method reduces the deployment cost on the premise of ensuring the security and isolation of cryptographic computing.