ETSI GS NFV-SEC 012-2017 Network Functions Virtualisation (NFV) Release 3 Security System architecture specification for execution of sensitive NFV components (V3 1 1)《网络功能虚拟化(NFV).pdf
《ETSI GS NFV-SEC 012-2017 Network Functions Virtualisation (NFV) Release 3 Security System architecture specification for execution of sensitive NFV components (V3 1 1)《网络功能虚拟化(NFV).pdf》由会员分享,可在线阅读,更多相关《ETSI GS NFV-SEC 012-2017 Network Functions Virtualisation (NFV) Release 3 Security System architecture specification for execution of sensitive NFV components (V3 1 1)《网络功能虚拟化(NFV).pdf(17页珍藏版)》请在麦多课文档分享上搜索。
1、 ETSI GS NFV-SEC 012 V3.1.1 (2017-01) Network Functions Virtualisation (NFV) Release 3; Security; System architecture specification for execution of sensitive NFV components Disclaimer The present document has been produced and approved by the Network Functions Virtualisation (NFV) ETSI Industry Spe
2、cification Group (ISG) and represents the views of those members who participated in this ISG. It does not necessarily represent the views of the entire ETSI membership. GROUP SPECIFICATION ETSI ETSI GS NFV-SEC 012 V3.1.1 (2017-01)2 Reference DGS/NFV-SEC012 Keywords architecture, NFV, security ETSI
3、650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/w
4、ww.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived diff
5、erence in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or ch
6、ange of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupport
7、Staff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorizati
8、on of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are T
9、rade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI GS NFV-SEC 012 V3.1.1 (2017-01)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs termin
10、ology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 Principles 7g34.1 Introduction 7g35 Platform requirements 7g35.1 Core hardware requirements. 7g35.2 Core software requireme
11、nts 8g36 Lifecycle . 9g36.1 Trusted Computing Base 9g36.2 Workload provisioning . 9g36.3 Runtime checks 10g36.4 Entropy and random numbers 10g36.5 Cryptographic primitives 11g36.6 Installed software and configurations on host system 12g36.7 De-provisioning workloads 12g36.8 Dealing with failure 13g3
12、6.8.0 General points . 13g36.8.1 Requirements relating to failure conditions 13g37 External dependencies 13g38 Architecture section 13g38.0 System hardening techniques . 13g38.1 Secure logging 14g38.2 OS-level access and confinement control . 14g38.3 Physical controls and alarms 14g38.4 Authenticati
13、on controls 14g38.5 Access controls . 14g38.6 Communications security . 15g38.7 Boot 15g38.8 Attestation 15g38.9 Hardware-mediated execution enclaves . 15g38.10 Hardware-Based Root of Trust (HBRT) 15g38.11 Self-encrypting storage . 15g38.12 Direct access to memory 16g38.13 Hardware Security Modules
14、. 16g38.14 Software integrity protection and verification 16g3History 17g3ETSI ETSI GS NFV-SEC 012 V3.1.1 (2017-01)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any
15、, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on
16、 the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or ma
17、y be, or may become, essential to the present document. Foreword This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Network Functions Virtualisation (NFV). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “ne
18、ed not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI GS NFV-SEC 012 V3.1.1
19、 (2017-01)5 1 Scope The present document defines requirements for host system elements on which sensitive workloads are to be run. The present document defines requirements to ensure isolation of sensitive workloads from non-sensitive workloads sharing a platform. The present document discusses a wi
20、de range of different technologies which aim to increase the security of a host system for the workloads which will be executing on it. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. Fo
21、r specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Re
22、ference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI TS 133 310: “Universal Mobile Telecommunications Sys
23、tem (UMTS); LTE; Network Domain Security (NDS); Authentication Framework (AF) (3GPP TS 33.310)“. 2 ETSI TS 133 210: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Network Domain Security (NDS); IP network layer secur
24、ity (3GPP TS 33.210)“. 3 ISO/IEC 18031:2001: “Information technology - Security techniques - Random bit generation or equivalent specification“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ETSIGSNFVSEC0122017NETWORKFUNCTIONSVIRTUALISATIONNFVRELEASE3SECURITYSYSTEMARCHITECTURESPECIFICATIONFOREXECUTIONOFSENSITIVENFVCOMPONENTSV311

链接地址:http://www.mydoc123.com/p-733385.html