5G Security—From Security Objectives to Operational Requirements (A11a)
Network slicing, NFV and SDN are essential technologies for achieving 5G infrastructures. They enable flexible and on-the-fly placement of network functions (VNFs/CNFs), aiming at optimizing the management of the heterogeneous (network, computational and storage) resources. This brings new security challenges that are of direct relevance for sensitives verticals and national authorities under the procurement processes. As well as for the Cloud, definition of security objectives is essential in 5G to provide flexibility in the implementation, to keep a stable framework for assessing the security over the time of different components and different technologies. Since 2017, we work on security referential to identify high level security objectives and reasonably concrete requirements for 5G network. We have addressed the core network with a focus on resource pooling scenarios of VNFs/CNFs, orchestration, various ways to implement isolation with software, hardware and organizational security controls and now extend it to the radio access network with O-RAN. Requirements (inspired from 3GPP/SCAS/ETSI specifications) focus on challenges related to the isolation of multivendor and multi-level security VNFs/CNFs on the same virtualization platform. Those requirements are mapped to concrete potential controls suitable for several robustness level. In this presentation, we illustrate the referential content with some objectives and requirements for the orchestration and the VNFs isolation/mutualisation. To conclude, we highlight the relevance of this type of referential for the assessment of 5G components under existing and/or future certification schemes.