1 / 6

Security Requirements for NVO3

Security Requirements for NVO3 . draft-ietf-nvo3-security-requirements-01 Sam Hartman Dacheng zhang Margaret Wasserman. Updates since -00. Extract requirements from the discussion and list them in bullets. Every requirement is associated with justification and candidate techniques .

galeno
Download Presentation

Security Requirements for NVO3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Requirements for NVO3 draft-ietf-nvo3-security-requirements-01 Sam Hartman Dacheng zhang Margaret Wasserman

  2. Updates since -00 • Extract requirements from the discussion and list them in bullets. Every requirement is associated with justification and candidate techniques. • Revise the assumptions of the analysis • Delete section 4.3 and integrate the contents into the requirements directly • The security requirements covers the data/control traffics between NVEs and hypervisors, and the data/control traffics within the NVO3 overlay • Delete the discussion about the new security challenges brought by the NVO3 architecture in Section 6

  3. Assumptions • Attacks could come from: • Underlying network of the overlay • Network connecting NVEs and hypervisors • Malicious tenant systems • Compromised hypervisors • Compromised NVEs • The compromise of NVA will result in the failure of whole security solution.

  4. Basic Principles • The tolerance of outside attackers • The confinement of inside attackers • The techniques considered: • Authentication, Authorization • Packet level security protection (integrity, origin authenticity, confidentiality) • Key Management (key usage scope) • …

  5. Future Work • Update the introduction to the NOV3 architecture • Key management requirements needs to be carefully revised. • Remove the over strict key requirements • Remove the discussion about securing NVE-NVE control traffic, and move the discussions about group keys into the data plane security. • Discuss the influences to security requirements introduced by different NVO3 network architectures.

  6. Commnets?

More Related