Visible to the public Multi-Tenancy-Capable Correlation of Security Events in 5G Networks

Submitted by aekwall on Mon, 05/04/2020 - 10:07am
TitleMulti-Tenancy-Capable Correlation of Security Events in 5G Networks
Publication TypeConference Paper
Year of Publication2018
AuthorsSteinke, Michael, Adam, Iris, Hommel, Wolfgang
Conference Name2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
Keywords5G mobile communication, 5G mobile networks, 5G networks, cloud computing, Computer architecture, computer network management, Correlation, correlation workflow, event processing, infrastructure-as-a-service cloud providers, mobile computing, mobile network operators, Monitoring, multi-tenancy management, multitenancy-capable correlation, multitenancy-capable event correlation architecture, multitenancy-capable management architectures, Network Security Architecture, network slicing, network-slice-centric security event correlation, NFV, pubcrawl, Resiliency, security, security events, security management, security management systems, software-as-a-service providers, Stakeholders, telecommunication computing, telecommunication security, telecommunication service providers, telecommunication services
AbstractThe concept of network slicing in 5G mobile networks introduces new challenges for security management: Given the combination of Infrastructure-as-a-Service cloud providers, mobile network operators as Software-as-a-Service providers, and the various verticals as customers, multi-layer and multi-tenancy-capable management architectures are required. This paper addresses the challenges for correlation of security events in such 5G scenarios with a focus on event processing at telecommunication service providers. After an analysis of the specific demand for network-slice-centric security event correlation in 5G networks, ongoing standardization efforts, and related research, we propose a multi-tenancy-capable event correlation architecture along with a scalable information model. The event processing, alerting, and correlation workflow is discussed and has been implemented in a network and security management system prototype, leading to a demonstration of first results acquired in a lab setup.
DOI10.1109/NFV-SDN.2018.8725633
Citation Keysteinke_multi-tenancy-capable_2018
Groups: