Network Function Virtualization
Network Function Virtualization: An Alternative Approach
Network function virtualization uses containerization to form building blocks that can be connected to create communication services. The components of these services may execute in isolated run-time environments in a Linux OS instance. These components need to coordinate and share data to execute the service. Unconstrained interaction among components executing under unprivileged, possibly different, UIDs may cause security breaches. Consequently, such interactions must adhere to access control policies. The project investigates how to control the execution of network services across Linux nodes so that coordination and data sharing adhere to the given access control policies.