IAM-based VS NFV-based implementations in Network Functions Virtualization

Network functions virtualization (NFV), along with software-defined networking (SDN), drives a new change in networking infrastructure with respect to designing, deploying, and managing various network services. In particular, NFV has potential to significantly reduce the hardware cost, greatly improve operational efficiency, and dramatically shorten the development lifecycle of network service. It also makes network functions and services much more adaptive and scalable. Despite the promising advantages of NFV, security remains to be one of the vital concerns and potential hurdle, as attack surface becomes unclear and defense line turns to be blurred in the virtualization environment. IAM is a security mechanism considered for NFV. The purpose of IAM is to enable individuals to access the right resources at the right time with the right privileges. It is used to initiate, capture, record, and manage user identities and their related access permissions to information assets in an automated fashion. Thus the access privileges are granted to the users according to the interpretation of policy rules, which are then enforced by a sequence of authentication, authorization, and auditing functions. The following is a comparison between the typical implementations of IAM mechanism and their counterparts tailored to NFV.