Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Modelling NFV Concepts with Ontologies

112 views

Published on

Reference architectures such as ETSI's Network Function Virtualisation Reference Architecture has the potential not just to clarify terminology but to confuse it. We propose mapping such an architecture and the concepts therein into a properly defined ontology based upon a formal description logic semantics. This enables modelling and reasoning over such concepts. We extend this by showing how such a concept can be integrated with real-life components such as, in the example here, attestation and trust/integrity management in NFV itself.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Modelling NFV Concepts with Ontologies

  1. 1. 1 © Nokia 2016 Modelling NFV Concepts with Ontologies Public Ian Oliver, Sakshyam Panda, Ke Wang, Aapo Kalliola Cybersecurity Research Group Nokia Bell Labs, Finland 21 February 2018 ICIN 2018, Paris, France
  2. 2. 2 © Nokia 2016 Contents Public • Motivation • What is NFV? (Questions, what is MANO) • Modelling (Architecture, UML, DL) • Questions • Application • Attestaton Server to Attestor-Attestee • POC
  3. 3. 3 © Nokia 2016 Motivation Public • Too many questions: • What is NFV? • How do the NFV concepts relate to the actual construction of a cloud? • How do NFV concepts relate to other “architectures”
  4. 4. 4 © Nokia 2016 NFV: The Architecture Public
  5. 5. 5 © Nokia 2016 Some Architectural Questions Public • Openstack Controller … VIM or VNFM ? • Can I run an orchestrator as a VM? • If a VNF requires a “bare O/S” process, is it still a VNF? • How many clouds can a MANO manage? • Is MANO part of the NFV Cloud? • If I add a service, eg: attestation server – which manages NFVI elements and VM’s, is it a) outside the cloud, b) part of MANO or c) part of OSS/BSS? • etc
  6. 6. 6 © Nokia 2016 Rethinking NFV Public • UML • Description Logic
  7. 7. 7 © Nokia 2016 Rethinking NFV Public • NFVCloud • Server • VIM • {n1,n2,n3} in NFVCloud • {s1,s2,s3} in Server • { x } in VIM • manages(x,s1) • manages(x,s2) • deployedOn(x,s3) • nfvi(n1,s1), nfvi(n2,s2), nfvi(n3,n3) • Protege DL Tool + Pellet Reasoner S2 S3
  8. 8. 8 © Nokia 2016 Rethinking NFV Public • NFVCloud • Server • VIM • {n1,n2,n3} in NFVCloud • {s1,s2,s3} in Server • { x } in VIM • manages(x,s1) • manages(x,s2) • deployedOn(x,s3) • nfvi(n1,s1), nfvi(n2,s2), nfvi(n3,n3) • Protege DL Tool + Pellet Reasoner • Question: self-containment of clouds S2 S3
  9. 9. 9 © Nokia 2016 Properties as [Meta]-Classes Public
  10. 10. 10 © Nokia 2016 ANSSI Public
  11. 11. 11 © Nokia 2016 Attestation Server in MANO (Ugly) Public
  12. 12. 12 © Nokia 2016 Attestation as a Property Public
  13. 13. 13 © Nokia 2016 Attestation as a Property Public
  14. 14. 14 © Nokia 2016 Using the Ontologies... Public
  15. 15. 15 © Nokia 2016 Using the Ontologies... Public VNF VNF VNF
  16. 16. 16 © Nokia 2016 Using the Ontologies... Public VNF VNF VNF
  17. 17. 17 © Nokia 2016 Conclusions/Future Work Public This is part 1 :-) Distributed/Mutual Trust and Attestation Models of NFV System for Reasoning (clarifying the roles of NFV elements) • Ontological Rules => System Integrity Monitoring Construction of various ontologies/graphs • Trust Graph, • Attestation Graph • NFV Confguration Graph • Service Composition/Chaining Graph • Network Graph Construction of links over the above for reasoning, learning (ML), automation, inferences TODO: temporal rules (cf: blockchain+transaction processing) Demo – ETSI Security Week in June ‘18 (provisional)

×