It is becoming increasingly common for enterprises to outsource network functions to a third party provider such as a public cloud. Besides its well documented benefits in cost and flexibility, outsourcing also introduces security issues. Peeking into or modifying traffic destined to the cloud are not the only threats we have to deal with; it can also be desirable to protect VNF code, input policies, and states from a malicious cloud provider. In recent years several solutions have been proposed toward mitigating the threats of outsourcing VNFs, using either cryptographic or trusted hardware- based mechanisms (the latter typically applying SGX). In this article, we provide an overview of methods for protecting the security of outsourced network functions. We introduce the challenges and emerging requirements, analyze the state of the art, and identify the gaps between the requirements and existing solutions. Furthermore, we outline a potential way to fill these gaps in order to devise a more complete solution.

中文翻译：

---

保护外包 VNF：挑战、最新技术和未来方向

企业将网络功能外包给第三方提供商（例如公共云）变得越来越普遍。除了在成本和灵活性方面有据可查的好处外，外包还引入了安全问题。窥视或修改发往云的流量并不是我们必须应对的唯一威胁；保护 VNF 代码、输入策略和状态免受恶意云提供商的攻击也是可取的。近年来，已经提出了几种解决方案来减轻外包 VNF 的威胁，使用加密或基于可信硬件的机制（后者通常应用 SGX）。在本文中，我们概述了保护外包网络功能安全的方法。我们介绍了挑战和新出现的要求，分析了最先进的技术，并确定需求与现有解决方案之间的差距。此外，我们概述了一种填补这些空白的潜在方法，以设计出更完整的解决方案。