DVA-IR: Runtime Integrity Attestation for Secure VNF Operation in NFV
DOI: https://doi.org/10.54654/isj.v1i27.1160
Keywords: NFV, security, DVA-IR, AIR
Abstract
Network Function Virtualization (NFV) improves flexibility and cost efficiency, but it also creates new security risks at the virtualization, VNF, service-chain, and orchestration layers. This paper focuses on a specific NFV security problem: detecting and containing runtime compromise of Virtual Network Functions (VNFs), including unauthorized binary, configuration, or memory-state modification, invalid attestation responses, and no-response events. We propose Dynamic VNF Attestation and Instant Response (DVA-IR), a framework that combines periodic remote attestation of running VNFs with MANO-driven isolation and replacement of compromised VNFs. Unlike access-control-only or signature-based mechanisms, DVA-IR verifies runtime VNF integrity and immediately updates service-chain forwarding behavior when compromise is detected. A Monte Carlo simulation compares DVA-IR with manual monitoring, signature-based IDS/IPS, and DVA-only attestation. The results show that DVA-IR achieves high detection quality, rapid containment, and significantly reduced service downtime, while its centralized orchestration overhead remains manageable for small-to-medium and medium-to-large NFV deployments.
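The detect-and-respond loop summarized in the abstract, as an added Python example; it is not code from the paper. It assumes an HMAC-SHA256 challenge-response over a SHA-256 measurement, and the names `Vnf`, `verify` and `attestation_round`, along with the in-memory chain list standing in for the MANO forwarding update, are hypothetical.

```python
import hashlib, hmac, os

def measure(binary, config, memory):
    """Digest over the VNF binary, configuration and memory-state snapshot."""
    parts = b"".join(hashlib.sha256(p).digest() for p in (binary, config, memory))
    return hashlib.sha256(parts).digest()

class Vnf:  # hypothetical attester; a real one would measure from a protected agent
    def __init__(self, name, key, image):
        self.name, self.key, self.image, self.alive = name, key, list(image), True
    def attest(self, nonce):
        if not self.alive:
            return None                          # models a no-response event
        m = measure(*self.image)
        return m, hmac.new(self.key, nonce + m, hashlib.sha256).digest()

def verify(vnf, key, golden):
    nonce = os.urandom(16)                       # fresh per challenge, so replays fail
    resp = vnf.attest(nonce)
    if resp is None:
        return "no_response"
    m, tag = resp
    if not hmac.compare_digest(tag, hmac.new(key, nonce + m, hashlib.sha256).digest()):
        return "invalid_response"
    return "trusted" if hmac.compare_digest(m, golden) else "integrity_violation"

def attestation_round(chain, keys, golden, images):
    """One periodic round: any non-trusted verdict swaps the VNF out of the chain."""
    events = []
    for i, vnf in enumerate(chain):
        verdict = verify(vnf, keys[vnf.name], golden[vnf.name])
        if verdict != "trusted":
            events.append((vnf.name, verdict))
            # Isolation and replacement: the chain slot now holds a clean instance.
            chain[i] = Vnf(vnf.name, keys[vnf.name], images[vnf.name])
    return events

# Constructed sample data: images, attestation keys and known-good digests.
NAMES = ("firewall", "ids", "nat", "lb")
IMG = {n: tuple(f"{n}-{p}".encode() for p in ("bin", "cfg", "mem")) for n in NAMES}
KEYS = {n: hashlib.sha256(b"constructed-key-" + n.encode()).digest() for n in NAMES}
GOLDEN = {n: measure(*IMG[n]) for n in NAMES}

def demo():
    chain = [Vnf(n, KEYS[n], IMG[n]) for n in NAMES]
    chain[0].image[1] = b"permit any any"        # unauthorized configuration change
    chain[1].key = b"not-the-enrolled-key"       # response fails authentication
    chain[2].alive = False                       # VNF stops answering challenges
    first = attestation_round(chain, KEYS, GOLDEN, IMG)
    return first, attestation_round(chain, KEYS, GOLDEN, IMG)
```

The second round returning no events is the containment property: after replacement, every slot in the chain attests as trusted again.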










