O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Modelling NFV Concepts with Ontologies

146 visualizações

Publicada em

Reference architectures such as ETSI's Network Function Virtualisation Reference Architecture has the potential not just to clarify terminology but to confuse it. We propose mapping such an architecture and the concepts therein into a properly defined ontology based upon a formal description logic semantics. This enables modelling and reasoning over such concepts. We extend this by showing how such a concept can be integrated with real-life components such as, in the example here, attestation and trust/integrity management in NFV itself.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Modelling NFV Concepts with Ontologies

  1. 1. 1 © Nokia 2016 Modelling NFV Concepts with Ontologies Public Ian Oliver, Sakshyam Panda, Ke Wang, Aapo Kalliola Cybersecurity Research Group Nokia Bell Labs, Finland 21 February 2018 ICIN 2018, Paris, France
  2. 2. 2 © Nokia 2016 Contents Public • Motivation • What is NFV? (Questions, what is MANO) • Modelling (Architecture, UML, DL) • Questions • Application • Attestaton Server to Attestor-Attestee • POC
  3. 3. 3 © Nokia 2016 Motivation Public • Too many questions: • What is NFV? • How do the NFV concepts relate to the actual construction of a cloud? • How do NFV concepts relate to other “architectures”
  4. 4. 4 © Nokia 2016 NFV: The Architecture Public
  5. 5. 5 © Nokia 2016 Some Architectural Questions Public • Openstack Controller … VIM or VNFM ? • Can I run an orchestrator as a VM? • If a VNF requires a “bare O/S” process, is it still a VNF? • How many clouds can a MANO manage? • Is MANO part of the NFV Cloud? • If I add a service, eg: attestation server – which manages NFVI elements and VM’s, is it a) outside the cloud, b) part of MANO or c) part of OSS/BSS? • etc
  6. 6. 6 © Nokia 2016 Rethinking NFV Public • UML • Description Logic
  7. 7. 7 © Nokia 2016 Rethinking NFV Public • NFVCloud • Server • VIM • {n1,n2,n3} in NFVCloud • {s1,s2,s3} in Server • { x } in VIM • manages(x,s1) • manages(x,s2) • deployedOn(x,s3) • nfvi(n1,s1), nfvi(n2,s2), nfvi(n3,n3) • Protege DL Tool + Pellet Reasoner S2 S3
  8. 8. 8 © Nokia 2016 Rethinking NFV Public • NFVCloud • Server • VIM • {n1,n2,n3} in NFVCloud • {s1,s2,s3} in Server • { x } in VIM • manages(x,s1) • manages(x,s2) • deployedOn(x,s3) • nfvi(n1,s1), nfvi(n2,s2), nfvi(n3,n3) • Protege DL Tool + Pellet Reasoner • Question: self-containment of clouds S2 S3
  9. 9. 9 © Nokia 2016 Properties as [Meta]-Classes Public
  10. 10. 10 © Nokia 2016 ANSSI Public
  11. 11. 11 © Nokia 2016 Attestation Server in MANO (Ugly) Public
  12. 12. 12 © Nokia 2016 Attestation as a Property Public
  13. 13. 13 © Nokia 2016 Attestation as a Property Public
  14. 14. 14 © Nokia 2016 Using the Ontologies... Public
  15. 15. 15 © Nokia 2016 Using the Ontologies... Public VNF VNF VNF
  16. 16. 16 © Nokia 2016 Using the Ontologies... Public VNF VNF VNF
  17. 17. 17 © Nokia 2016 Conclusions/Future Work Public This is part 1 :-) Distributed/Mutual Trust and Attestation Models of NFV System for Reasoning (clarifying the roles of NFV elements) • Ontological Rules => System Integrity Monitoring Construction of various ontologies/graphs • Trust Graph, • Attestation Graph • NFV Confguration Graph • Service Composition/Chaining Graph • Network Graph Construction of links over the above for reasoning, learning (ML), automation, inferences TODO: temporal rules (cf: blockchain+transaction processing) Demo – ETSI Security Week in June ‘18 (provisional)

×