
Content for TR 33.818, Word version: 17.1.0


 

1  Scope

The present document studies the SECAM (Security Assurance Methodology) and SCAS (Security Assurance Specification) for 3GPP virtualised network products, based on the SECAM and SCAS defined in TR 33.916. It makes a thorough gap analysis between the current SECAM/SCAS work in TR 33.916 and the SECAM/SCAS work for 3GPP virtualised network products. It also identifies and defines the ToE and the roles of SECAM/SCAS for 3GPP virtualised network products according to deployment scenarios and ways of decoupling. Based on the identified ToE and roles, the present document details the changes or additional work needed to the current security assurance methodology for the creation and evaluation procedure of related SCAS documents, etc. It studies new threats to the identified ToE and identifies the additional security requirements of the ToE, and/or identifies existing relevant/supporting requirements specified in ETSI NFV specifications or the equivalent. The present document also provides potential new SECAM/SCAS proposals and points out the impact on existing SECAM/SCAS documents (including TR 33.916, TR 33.926, TS 33.117, etc.).

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".
[2] TR 33.916: "Security Assurance Methodology (SCAS) for 3GPP network products".
[3] TR 33.926: "Security Assurance Specification (SCAS) threats and critical assets in 3GPP network product classes".
[4] TR 33.117: "Catalogue of general security assurance requirements".
[5] TS 28.500: "Management concept, architecture and requirements for mobile networks that include virtualised network functions".
[6] ETSI GS NFV-SEC 001: "Network Functions Virtualisation (NFV); NFV Security; Problem Statement".
[7] GSMA FS.16: "Network Equipment Security Assurance Scheme - Development and Lifecycle Security Requirements".
[8] ETSI GR NFV-SEC 007: "Functions Virtualisation (NFV); Trust; Report on Attestation Technologies and Practices for Secure Deployments".
[9] TR 33.848: "Study on security impacts of virtualisation". (→ to date, still a draft)
[10] TR 33.805: "Study on security assurance methodology for 3GPP network products (Release 12)".
[11] ETSI GS NFV 002: "Network Functions Virtualisation (NFV); Architectural Framework".
[12] ETSI GS NFV-EVE 001: "Network Functions Virtualisation (NFV); Virtualisation technologies; Hypervisor Domain Requirements Specification".
[13] ETSI GS NFV-IFA 008: "Network Functions Virtualisation (NFV); Management and Orchestration; Ve-Vnfm reference point - Interface and Information Model Specification".
[14] ETSI GS NFV-IFA 019: "Network Functions Virtualisation (NFV); Acceleration Technologies; Acceleration Resource Management Interface Specification".
[15] ETSI GS NFV-IFA 011: "Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; VNF Descriptor and Packaging Specification".
[16] ETSI GS NFV-SEC 012: "Network Functions Virtualisation (NFV) Release 3; Security; System architecture specification for execution of sensitive NFV components".
[17] ETSI GS NFV 003: "Network Functions Virtualisation (NFV); Terminology for Main Concepts in NFV".
[18] GSMA FS.14: "Network Equipment Security Assurance Scheme - Security Test Laboratory Accreditation".
[19] GSMA FS.15: "Network Equipment Security Assurance Scheme - Development and Lifecycle Assessment Methodology".
[20] GSMA FS.16: "Network Equipment Security Assurance Scheme - Development and Lifecycle Security Requirements".

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
Network Functions Virtualisation Infrastructure (NFVI): totality of all hardware and software components that build up the environment in which VNFs are deployed, as defined in ETSI GS NFV 003 [17].
Network Functions Virtualisation Orchestrator (NFVO): functional block that manages the Network Service (NS) lifecycle and coordinates the management of NS lifecycle, VNF lifecycle (supported by the VNFM) and NFVI resources (supported by the VIM) to ensure an optimized allocation of the necessary resources and connectivity, as defined in ETSI GS NFV 003 [17].
Virtualised Infrastructure Manager (VIM): functional block that is responsible for controlling and managing the NFVI compute, storage and network resources, usually within one operator's Infrastructure Domain (e.g. NFVI-PoP), as defined in ETSI GS NFV 003 [17].
Virtual Machine (VM): virtualised computation environment that behaves very much like a physical computer/server, as defined in ETSI GS NFV 003 [17].
Virtualised Network Function (VNF): implementation of an NF that can be deployed on a Network Function Virtualisation Infrastructure (NFVI), as defined in ETSI GS NFV 003 [17].
Virtualised Network Function Component (VNFC): internal component of a VNF providing a VNF Provider a defined sub-set of that VNF's functionality, with the main characteristic that a single instance of this component maps 1:1 against a single Virtualisation Container, as defined in ETSI GS NFV 003 [17].
Virtualised Network Function Component Instance (VNFCI): instance of a VNFC deployed in a specific Virtualisation Container instance. It has a lifecycle dependency with its parent VNF instance, as defined in ETSI GS NFV 003 [17].
Virtualised Network Function Manager (VNFM): functional block that is responsible for the lifecycle management of VNF, as defined in ETSI GS NFV 003 [17].
VNF Package: archive that includes a VNF descriptor, the software image(s) associated with the VNF, as well as additional artefacts, e.g. to check the integrity and to prove the validity of the archive, as defined in ETSI GS NFV 003 [17].
virtualised network product class: class of products that implement 3GPP defined network functionalities running on Network Function Virtualisation Infrastructure (NFVI).
virtualised network product: A virtualised network product is the instantiation of one or more virtualised network product class(es).

3.2  Symbols

Void.

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
NFV      Network Functions Virtualisation
NFVI     Network Functions Virtualisation Infrastructure
NFVO     Network Functions Virtualisation Orchestrator
VIM      Virtualised Infrastructure Manager
VM       Virtual Machine
VNF      Virtualised Network Function
VNFC     Virtualised Network Function Component
VNFCI    Virtualised Network Function Component Instance
VNFM     Virtualised Network Function Manager