Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.818  Word version:  17.1.0

Top   Top   Up   Prev   None
1…   4…
4 Overview5 Security Assurance Specification (SCAS) Creation6 Vendor development and product lifecycle processes and test laboratory accreditation7 Evaluation and SCAS instantiation8 Conclusion$ Change history

 

4  Overviewp. 10

4.1  Introductionp. 10

4.1.1  Considerations on network product class when using NFV technologyp. 10

4.1.2  Considerations on SECAM of the virtualised network productsp. 12

4.2  Scope of a SECAM SCAS for 3GPP virtualised network productsp. 12

4.2.1  Gap analysisp. 12

4.2.2  Scope of a SECAM SCASp. 12

4.3  Scope of SECAM evaluation for 3GPP virtualised network productsp. 13

4.3.1  Gap analysisp. 13

4.3.2  Scope of a SECAM evaluationp. 13

4.4  Scope of SECAM Accreditation for 3GPP virtualised network productsp. 13

4.4.1  Gap analysisp. 13

4.4.2  Scope of SECAM Accreditationp. 14

4.5  Ultimate Output of SECAM Evaluation for 3GPP virtualised network productsp. 14

4.5.1  Gap analysisp. 14

4.5.2  Ultimate Output of SECAM Evaluationp. 14

4.6  3GPP virtualised network products evaluation processp. 14

4.6.1  Gap analysisp. 14

4.6.2  Virtualised network product evaluation processp. 15

4.7  Roles in SECAM for 3GPP virtualised network productsp. 15

4.7.1  Gap analysisp. 15

4.7.2  SECAM Roles Overviewp. 15

4.7.3  Examples of instantiation of roles in SECAMp. 15

4.7.3.1  Introductionp. 15

4.7.3.2  Example: Complete self-evaluationp. 16

4.8  Operator security acceptance decision for 3GPP virtualised network productsp. 16

4.8.1  Gap analysisp. 16

4.8.2  Operator security acceptance decisionp. 16

4.9  SECAM Assurance level for 3GPP virtualised network productsp. 17

4.9.1  Gap analysisp. 17

4.9.2  SECAM Assurance levelp. 17

4.10  Security baseline for 3GPP virtualised network productsp. 17

4.10.1  Gap analysisp. 17

4.10.2  Security baselinep. 17

5  Security Assurance Specification (SCAS) Creationp. 18

5.1  Writing process overviewp. 18

5.2  SCAS documents structure and contentp. 18

5.2.1  Generalp. 18

5.2.2  ToEp. 18

5.2.3  Generic virtualised network product model class descriptionp. 18

5.2.3.1  Introductionp. 18

5.2.3.2  Generic virtualised network product model of type 1p. 19

5.2.3.2.1  Description of the GVNP modelp. 19
5.2.3.2.2  Functions defined by 3GPPp. 19
5.2.3.2.3  Other functionsp. 19
5.2.3.2.4  Operating system (OS)p. 19
5.2.3.2.5  Interfacesp. 19

5.2.3.3  Generic virtualised network product model of type 2p. 20

5.2.3.3.1  Description of the GVNP modelp. 20
5.2.3.3.2  Functions defined by 3GPPp. 21
5.2.3.3.3  Other functionsp. 21
5.2.3.3.4  Virtualisation layerp. 21
5.2.3.3.5  Interfacesp. 21

5.2.3.4  Generic virtualised network product model of type 3p. 21

5.2.3.4.1  Description of the GVNP modelp. 21
5.2.3.4.2  Functions defined by 3GPPp. 22
5.2.3.4.3  Other functionsp. 22
5.2.3.4.4  Virtualisation layerp. 22
5.2.3.4.5  Hardwarep. 22
5.2.3.4.6  Interfacesp. 22

5.2.4  Security Problem Definition (SPD) for 3GPP virtualised network products classp. 22

5.2.4.1  Introductionp. 22

5.2.4.2  Generic assets and threats of GVNP for type 1p. 22

5.2.4.2.1  Generic assets of GVNP for type 1p. 22
5.2.4.2.2  Generic threats for GVNP of type 1p. 23

5.2.4.3  Generic assets and threats for GVNP of type 2p. 28

5.2.4.3.1  Generic assets for GVNP of type 2p. 28
5.2.4.3.2  Generic threats for GVNP of type 2p. 28

5.2.4.4  Generic assets and threats for GVNP of type 3p. 32

5.2.4.4.1  Generic assets for GVNP of type 3p. 32
5.2.4.4.2  Generic threats for GVNP of type 3p. 33

5.2.4.5  Generic assets and threats for network functions supporting SBA interfacesp. 36

5.2.5  Potential Security Requirementsp. 36

5.2.5.1  Introductionp. 36

5.2.5.2  Incorporation of security requirements from existing 3GPP and ETSI specifications in current releasesp. 37

5.2.5.3  Handling of security requirementsp. 37

5.2.5.4  Guidelines for writing test casesp. 38

5.2.5.5  Potential security functional requirements and related test cases for GVNP of type 1p. 38

5.2.5.5.1  Introductionp. 38
5.2.5.5.2  Potential security functional requirements deriving from 3GPP specifications and related test casesp. 38
5.2.5.5.3  Technical baseline for potential general security functional requirementsp. 38
5.2.5.5.4  Operating systemsp. 40
5.2.5.5.5  Web serversp. 40
5.2.5.5.6  Network devicesp. 40
5.2.5.5.7  Potential security functional requirements deriving from virtualisation and related test casesp. 41
5.2.5.5.8  Potential security requirements and related test cases to Hardening for GVNP of type 1p. 44

5.2.5.6  Potential security functional requirements and related test cases for GVNP of type 2p. 46

5.2.5.6.1  Introductionp. 46
5.2.5.6.2  Potential security functional requirements deriving from 3GPP specifications and related test casesp. 47
5.2.5.6.3  Technical baselinep. 47
5.2.5.6.4  Operating systemsp. 47
5.2.5.6.5  Web serversp. 47
5.2.5.6.6  Virtualised Network devicesp. 47
5.2.5.6.7  Potential security functional requirements deriving from virtualisation and related test casesp. 47
5.2.5.6.8  Potential Security requirements and related test cases to Hardening for GVNP of type 2p. 49

5.2.5.7  Potential security functional requirements and related test cases for GVNP of type 3p. 50

5.2.5.7.1  Introductionp. 50
5.2.5.7.2  Potential security functional requirements deriving from 3GPP specifications and related test casesp. 50
5.2.5.7.3  Technical baselinep. 51
5.2.5.7.4  Operating systemsp. 51
5.2.5.7.5  Web serversp. 51
5.2.5.7.6  Network devicesp. 51
5.2.5.7.7  Potential security functional requirements deriving from virtualisation and related test casesp. 51
5.2.5.7.8  Security requirements and related test cases to Hardening for GVNP of type 3p. 53

5.3  Improvement of SCAS and new potential security requirementsp. 54

5.4  Basic vulnerability testing requirements for GVNPp. 54

5.4.1  Introductionp. 54

5.4.2  Port Scanningp. 54

5.4.3  Vulnerability Scanningp. 54

5.4.4  Robustness and Fuzz testingp. 54

6  Vendor development and product lifecycle processes and test laboratory accreditationp. 54

6.1  Overviewp. 54

6.2  Audit and accreditation of Vendor network product development and network product lifecycle management processesp. 55

6.3  Audit and accreditation of test laboratoriesp. 55

6.4  Monitoringp. 55

6.5  Dispute resolutionp. 55

7  Evaluation and SCAS instantiationp. 55

7.1  Security Assurance Specification (SCAS) instantiation documents creationp. 55

7.2  Evaluation and evaluation reportp. 56

7.2.1  Network product development process and network product lifecycle managementp. 56

7.2.2  SCAS instantiation evaluationp. 56

7.2.2.1  Overviewp. 56

7.2.2.2  Contentp. 56

7.2.2.3  Processp. 56

7.2.3  Security Compliance testingp. 56

7.2.4  Basic Vulnerability Testingp. 57

7.3  Self-declarationp. 57

7.4  Partial compliance and use of SECAM requirements in network product development cyclep. 57

7.5  Comparison between two SECAM evaluationsp. 57

7.6  The evaluation of a new versionp. 57

8  Conclusionp. 57

8.1  Way forward of SECAM/SCAS for 3GPP virtualised network productsp. 57

$  Change historyp. 59

Up   Top