Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

中文翻译：

---

本质安全：通过主动防御范式实现云原生网络切片的稳健框架


开放共享催生了多租户架构，不同厂商（包括外包商）与网络运营商合作，形成充满活力的服务生态系统，带来了多种优势，也带来了风险。特别是，基于网络功能虚拟化（基于 NFV）的云中现有架构的静态特性有利于黑客攻击。因此，当这两类安全风险交叉时，如何避免因复杂的生产关系和不可信的软硬件来源而导致的云安全不可控成为人们关注的焦点。在本文中，我们研究了针对云环境的潜在持续威胁，并确定基于 NFV 的云环境与动态防御概念之间的高度互补性和一致性。更具体地说，基于 NFV 的新云功能为动态防御提供了有效的实现，而动态防御理论的广义稳健性可实现高安全增益。然后提出内在云安全（iCS）来调整基于 NFV 的云，模仿防御和移动目标防御（MTD）范式，以实现安全与基于 NFV 的云之间的无缝集成和共生演进。我们量化对系统开销的影响，以考虑效率和成本问题。仿真分析表明，与其他模式相比，增强模式能够持续获得更有利、更稳定的防御。