M. Pattaranantakul, R. He, Q. Song, Z. Zhang, and A. Meddahi, NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures, IEEE Communications Surveys and Tutorials, vol.20, issue.4, pp.3330-3368, 2018.

M. Pattaranantakul, R. He, Z. Zhang, A. Meddahi, and P. Wang, Leveraging Network Functions Virtualization Orchestrators to Achieve Software-Defined Access Control in the Clouds, IEEE Transactions on Dependable and Secure Computing (TDSC), 2018.

, A.2 International conferences and workshops

M. Pattaranantakul, R. He, A. Meddahi, and Z. Zhang, SecMANO: Towards Network Functions Virtualization (NFV) based Security MANagement and Orchestration, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp.598-605, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01740185

M. Pattaranantakul, Y. Tseng, R. He, Z. Zhang, and A. Meddahi, A First Step Towards Security Extension for NFV Orchestrator, ACM International Workshop on SDN-NFV Security' 17, pp.25-30, 2017.

Y. Tseng, M. Pattaranantakul, R. He, Z. Zhang, and F. Naït-abdesselam, Controller DAC: Securing SDN Controller with Dynamic Access Control, pp.1-6, 2017.

R. He, M. Pattaranantakul, Z. Zhang, and T. Duval, SoDAC: A New Software-Defned Access Control Paradigm for Cloud-based Systems, The 19th International Conference on Information and Communications Security (ICICS'17), pp.570-581, 2017.

M. Pattaranantakul, Q. Song, Y. Tian, and Z. Zhang, Towards Secure and Dependable Service Function Chaining (SFC), International Conference on Security and Privacy in Communication Networks (SecureComm' 19), 2019.

M. Pattaranantakul, Z. Zhang, and A. Meddahi, Network Functions Virtualization (NFV) Security -A Survey, pp.1-227, 2015.

M. Pattaranantakul, Y. Tseng, Z. Zhang, and A. Meddahi, Towards Security Extensions for Cloud Orchestration -A Survey on NFV Management and Orchestration Frameworks, pp.1-182, 2016.

, Telecommunication Management; Study on Management and Orchestration of Network Slicing for Next Generation Network, vol.01, p.3, 2018.

M. B. Bierman and K. Watsen, , 2016.

A. Bierman, M. Bjorklund, K. Watsen, R. Fernando, and . Protocol, , 2013.

O. Abdelrahem, A. M. Bahaa-eldin, and A. Taha, Virtualization security: A survey, ICCES, pp.32-40, 2016.

H. Albaroodi, S. Manickam, and P. Singh, Critical Review of OpenStack Security: Issues and Weaknesses, Journal of Computer Science, vol.10, 2014.

A. Lucent, CloudBand 3.0: The Production Platform for NFV, pp.2018-2019, 2014.

A. , Advanced Networked Agents for Security and Trust Assessment in CPS/IoT Architectures, pp.2018-2019, 2017.

C. A. Ardagna, M. Cremonini, E. Damiani, S. D. Di-vimercati, and P. Samarati, Supporting Location-based Conditions in Access Control Policies, ASIACCS '06, pp.212-222, 2006.

. At&t-inc, Enhanced Control, Orchestration, Management & Policy Architecture White Paper, 2016.

A. M. Azab, P. Ning, and X. Zhang, SICE: A Hardware-level Strongly Isolated Computing Environment for x86 Multi-core Platforms, CCS '11, pp.375-388, 2011.

A. Baliga, X. Chen, B. Coskun, G. De-los-reyes, S. Lee et al., VPMN: Virtual Private Mobile Network Towards Mobility-as-a-service, MCS '11, pp.7-12, 2011.

M. Bari, S. R. Chowdhury, R. Ahmed, and R. Boutaba, On Orchestrating Virtual Network Functions, CNSM '15, pp.50-56, 2015.

E. B. Barker, W. C. Barker, W. E. Burr, W. T. Polk, and M. E. Smid, SP 800-57. Recommendation for Key Management, Part 1: General (Revised), 2007.

M. T. Beck and J. F. Botero, Coordinated Allocation of Service Function Chains, 2015 IEEE Global Communications Conference (GLOBECOM), pp.1-6, 2015.

M. Bellare, C. Namprempre, and G. Neven, Unrestricted Aggregate Signatures. In Automata, Languages and Programming, 34th International Colloquium, Proceedings, pp.411-422, 2007.

S. Berger, R. Caceres, K. Goldman, D. Pendarakis, R. Perez et al., Security for the Cloud Infrastructure: Trusted Virtual Data Center Implementation, IBM Journal of Research and Development, vol.53, issue.4, p.12, 2009.

S. Berger, R. Cáceres, D. Pendarakis, R. Sailer, E. Valdez et al., TVDc: Managing Security in the Trusted Virtual Datacenter, SIGOPS Oper. Syst. Rev, vol.42, issue.1, pp.40-47, 2008.

C. Bernardos, A. Rahman, J. Zuniga, L. Contreras, and P. Aranda, Network Virtualization Research Challenges, pp.2017-2027, 2016.

, Big Switch Networks. Project Floodlight, 2016.

M. Bjorklund, YANG -A Data Modeling Language for the Network Configuration Protocol (NETCONF), 2010.

G. Bloom, E. Leontie, B. Narahari, and R. Simha, Chapter 12: Hardware and Security -Vulnerabilities and Solutions, 2012.

A. Boldyreva, C. Gentry, A. O'neill, and D. H. Yum, Ordered Multisignatures and Identity-based Sequential Aggregate Signatures, with Applications to Secure Routing, Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pp.276-285, 2007.

D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, Advances in Cryptology -EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, pp.416-432, 2003.

P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. Mckeown et al., P4: Programming protocol-independent packet processors, SIGCOMM Comput. Commun. Rev, vol.44, issue.3, pp.87-95, 2014.

J. Brassil, Physical Layer Network Isolation in Multi-tenant Clouds, ICDCSW '10, pp.77-81, 2010.

. Bro, The Bro Network Security Monitor, pp.2017-2026, 2016.

Z. Bronstein and E. Shraga, NFV virtualisation of the Home Environment, CCNC '14, pp.899-904, 2014.

S. Bugiel, L. Davi, A. Dmitrienko, S. Heuser, A. Sadeghi et al., Practical and Lightweight Domain Isolation on Android, SPSM '11, pp.51-62, 2011.

S. Byma, J. G. Steffan, H. Bannazadeh, A. L. Garcia, and P. Chow, FPGAs in the Cloud: Booting Virtualized Hardware Accelerators with OpenStack, Field-Programmable Custom Computing Machines (FCCM), pp.109-116, 2014.

C. Meyer and J. Schwenk, SoK: Lessons Learned from SSL/TLS Attacks, WISA' 13, pp.189-209, 2014.

G. Carrozzo, R. Szabo, and K. Pentikousis, Network Function Virtualization: Resource Orchestration Challenges, pp.2017-2024, 2015.

M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. Mckeown et al., Ethane: Taking Control of the Enterprise, SIGCOMM '07, pp.1-12, 2007.

M. Casazza, P. Fouilhoux, M. Bouet, and S. Secci, Securing Virtual Network Function Placement with High Availability Guarantees, IFIP Networking' 17, pp.1-9, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01445494

R. Chayapathi, S. F. Hassan, and P. Shah, Network Functions Virtualization (NFV) with A Touch of SDN. Pearson Education, 2016.

P. Chi, C. Kuo, J. Guo, and C. Lei, How to detect a compromised SDN switch, Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), pp.1-6, 2015.

W. Chiang and J. Chen, TW-KEAP: An Efficient Four-party Key Exchange Protocol for End-to-end Communications, SIN '11, pp.167-174, 2011.

T. Chou, Security Threats on Cloud Computing Vulnerabilities. IJCSIT, 5, 2013.

C. Chow and M. F. Mokbel, Privacy in Location-based Services: A System Architecture Perspective, SIGSPATIAL Special, vol.1, issue.2, pp.23-27, 2009.

A. Cilardo and D. Argenziano, Securing the cloud with reconfigurable computing: An fpga accelerator for homomorphic encryption, 2016 Design, Automation Test in Europe Conference Exhibition (DATE), pp.1622-1627, 2016.

. Cisco, Network Virtualization -Path Isolation Design Guide, pp.2017-2026, 2009.

. Cisco, Understanding and Configuring VLANs, pp.2017-2028, 2012.

. Cisco, , pp.2017-2026, 2014.

. Cisco and . White, Paper: Flexible Workload Mobility and Server Placement with VXLAN Routing on Cisco CSR 1000V and Cisco Nexus 1000V, pp.2017-2028, 2014.

. Cisco, . Vxlan-design, and . Deployment, , pp.2017-2028, 2016.

, Cloud Computing Top Threats in 2016, pp.2017-2024, 2016.

, Security Position Paper: Network Function Virtualization

, /assets/research/virtualization/Security Position Paper-Network Function Virtualization.pdf, pp.2017-2025, 2016.

. Cloudify, Cloudify Pure-Play NFV Management and Orchestration, pp.2018-2019, 2015.

. Cloudnfv, . Taking, and . Cloud, , pp.2018-2019, 2013.

P. Cox, PaaS Threats In The Cloud, pp.2017-2024, 2010.

A. Csoma, B. Sonkoly, L. Csikor, F. Németh, A. Gulyas et al., ESCAPE: Extensible Service Chain Prototyping Environment Using Mininet, Click, NETCONF and POX, Proceedings of the 2014 ACM Conference on SIGCOMM, SIGCOMM '14, pp.125-126, 2014.

B. Cui and T. Xi, Security Analysis of Openstack Keystone, IMIS' 15, pp.283-288, 2015.

, Considerations for Securing SDN/NFV, pp.2017-2029, 2016.

W. Dai, Commutative-like Encryption: A New Characterization of ElGamal. CoRR, abs/1011, vol.3718, 2010.

G. Davoli, W. Cerroni, C. Contoli, F. Foresta, and F. Callegati, Implementation of service function chaining control plane through OpenFlow, 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp.1-4, 2017.

W. Dawoud, I. Takouna, and C. Meinel, Infrastructure as a Service Security: Challenges and Solutions, INFOS' 10, pp.1-8, 2010.

H. Deng, C. Donley, and J. Zemlin, Open-O: Unified NFV/SDN Open Source Orchestrator, 2016.

J. Deng, H. Hu, H. Li, Z. Pan, K. Wang et al., VNGuard: An NFV/SDN Combination Framework for Provisioning and Managing Virtual Firewalls, IEEE NFV-SDN' 15, pp.107-114, 2015.

J. Deng, H. Li, H. Hu, K. Wang, G. Ahn et al., On the Safety and Efficiency of Virtual Firewall Elasticity Control, NDSS' 17, 2017.

M. Dhawan, R. Poddar, K. Mahajan, and V. Mann, SPHINX: detecting security attacks in software-defined networks, 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, pp.1-15, 2015.

A. E. Mady, R. Trapero, A. Skarmeta, and S. Bianchi, Towards Secure Building Management System based on Internet of Things, CENICS' 17, pp.61-644, 2017.

, Docker. Docker Swarm Overview, 2015.

Y. Dodis, W. Luo, S. Xu, and M. Yung, Key-insulated Symmetric Key Cryptography and Mitigating Attacks Against Cryptographic Cloud Software, ASIACCS '12, pp.57-58, 2012.

R. Doriguzzi-corin, S. Scott-hayward, D. Siracusa, and E. Salvadori, Application-Centric provisioning of virtual security network functions, 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp.276-279, 2017.

A. Dutta, Security Challenges and Opportunities in SDN, 2016.

R. A. Eichelberger, T. Ferreto, S. Tandel, and P. A. Duarte, SFC Path Tracer: A troubleshooting tool for Service Function Chaining, 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp.568-571, 2017.

. Enisa, Threat Landscape and Good Practice Guide for Software Defined Networks, pp.2017-2028, 2015.

, ETSI. Network Functions Virtualization: An Introduction, Benefits, Enablers, Challenges & Call for Action, pp.2016-2022, 2012.

. Etsi, Network Functions Virtualization (NFV

, NFV Performance & Portability Best Practices, 2014.

. Etsi, Network Functions Virtualization: Ecosystems; Report on SDN Usage in NFV Architectural Framework, 2015.

. Etsi, Network Functions Virtualization (NFV); Ecosystem, Report on SDN Usage in NFV Architectural Framework, 2015.

. Etsi, Network Functions Virtualization (NFV

, Management and Orchestration, Network Service Templates Specification, 2016.

. Etsi, Network Functions Virtualization (NFV

. Etsi, Network Functions Virtualization (NFV

. Etsi-gs-nfv-man-001, Network Functions Virtualization (NFV); Management and Orchestration

. Etsi-gs-nfv-sec-001, Network Functions Virtualization (NFV

. Nfv and . Security, Problem Statement, pp.2016-2023, 2014.

. Etsi-gs-nfv-sec-003, Network Functions Virtualization (NFV); NFV Security; Security and Trust Guidance, pp.2018-2024, 2016.

. Etsi-gs-nfv-sec-006, Network Functions Virtualization (NFV), Report on Security Aspects and Regulatory Concerns, pp.2018-2024, 2016.

. Etsi-gs-nfv-sec-009, NFV Security; Report on Use cases and Technical Approaches for Multi-layer Host Administration, pp.2018-2024, 2017.

. Etsi-gs-nfv-sec-012, Network Functions Virtualization (NFV) Release 3; Security; System Architecture Specification for Execution of Sensitive NFV Components, pp.2018-2024, 2017.

. Etsi-gs-nfv-sec-013, Network Functions Virtualization (NFV) Release 3; Security; Security Management and Monitoring Specification, pp.2018-2024, 2017.

I. Farris, J. B. Bernabe, N. Toumi, D. Garcia-carrillo, T. Taleb et al., Towards Provisioning of SDN/NFV-based Security Enablers for Integrated Protection of IoT Systems, CSCN' 17, pp.169-174, 2017.

S. K. Fayaz, Y. Tobioka, V. Sekar, and M. Bailey, Bohatei: Flexible and Elastic DDoS Defense, SEC' 15, pp.817-832, 2015.

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, Proposed NIST Standard for Role-based Access Control, ACM Trans. Inf. Syst. Secur, vol.4, issue.3, pp.224-274, 2001.

M. D. Firoozjaei, J. Jeong, H. Ko, and H. Kim, Security Challenges with Network Functions Virtualization, Future Generation Comp. Syst, 2017.

M. D. Firoozjaei, J. P. Jeong, H. Ko, and H. Kim, Security Challenges with Network Functions Virtualization, Future Generation Computer Systems, vol.67, pp.315-324, 2017.

M. Flittner, J. M. Scheuermann, and R. Bauer, ChainGuard: Controller-independent verification of service function chaining in cloud computing, 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp.1-7, 2017.

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proc. Network and Distributed Systems Security Symposium, pp.191-206, 2003.

A. Gember, R. Grandl, J. Khalid, and A. Akella, Design and Implementation of a Framework for Software-defined Middlebox Networking, SIGCOMM Comput. Commun. Rev, vol.43, issue.4, pp.467-468, 2013.

S. Gharout, A. Bouabdallah, M. Kellil, and Y. Challal, Key Management with Host Mobility in Dynamic Groups, SIN '10, pp.186-194, 2010.

M. Ghaznavi, N. Shahriar, R. Ahmed, and R. Boutaba, Service Function Chaining Simplified, 2016.

M. Ghaznavi, N. Shahriar, S. Kamali, R. Ahmed, and R. Boutaba, Distributed Service Function Chaining, IEEE Journal on Selected Areas in Communications, vol.35, issue.11, pp.2479-2489, 2017.

K. Giotis, Y. Kryftis, and V. Maglaris, Policy-based Orchestration of NFV Services in Software-Defined Networks, NetSoft' 15, pp.1-5, 2015.

A. J. Gonzalez, G. Nencioni, A. Kamisi?ski, B. E. Helvik, and P. E. Heegaard, Dependability of the NFV Orchestrator: State of the Art and Research Challenges, IEEE Communications Surveys Tutorials, vol.20, issue.4, pp.3307-3329, 2018.

N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado et al., NOX: Towards an Operating System for Networks, SIGCOMM Comput. Commun. Rev, vol.38, issue.3, pp.105-110, 2008.

W. Haeffner, J. Napper, M. Stiemerling, and D. Lopez, Service Function Chaining Use Cases in Mobile Networks, 2019.

J. Halpern and C. Pignataro, Service Function Chainning (SFC) Architecture, 2015.

H. Hamed and E. Al-shaer, Taxonomy of conflicts in network security policies, IEEE Communications Magazine, vol.44, issue.3, pp.134-141, 2006.

B. Han, V. Gopalakrishnan, L. Ji, and S. Lee, Network Function Virtualization: Challenges and Opportunities for Innovations, IEEE Communications Magazine, vol.53, issue.2, pp.90-97, 2015.

J. Han, Data Mining: Concepts and Techniques, 2005.

D. Hardt, The OAuth 2.0 Authorization Framework, pp.2017-2019, 2012.

M. Hashimoto and J. Bender, , 2010.

K. Hashizume, D. G. Rosado, E. Fernández-medina, and E. B. Fernández, An Analysis of Security Issues for Cloud Computing, J. Internet Services and Applications, vol.4, issue.1, 2013.

R. He, M. Pattaranantakul, Z. Zhang, and T. Duval, SDAC: A New Software-Defined Access Control Paradigm for Cloud-Based Systems, ICICS' 17, pp.570-581, 2017.

, Heat. OpenStack Orchestration Service, 2014.

S. Hong, L. Xu, H. Wang, and G. Gu, Poisoning network visibility in software-defined networks: New attacks and countermeasures, 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, pp.1-15, 2015.

. Hostap and . Hostapd, IEEE 802.11 AP, IEEE 802.1X/ WPA/ WPA2/ EAP/ RADIUS Authenticator, pp.2017-2019, 2012.

, Business White Paper: The Reality of Cost Reduction (Rev. 2), HP, pp.2017-2028, 2017.

H. Huang, S. Guo, J. Wu, and J. Li, Service Chaining for Hybrid Network Function, IEEE Transactions on Cloud Computing, pp.1-1, 2017.

Y. L. Huang, B. Chen, M. W. Shih, and C. Y. Lai, Security Impacts of Virtualization on a Network Testbed, SERE' 12, pp.71-77, 2012.

. Huawei, White Paper -Observation to NFV, pp.2017-2023, 2014.

J. Y. Hwang, D. H. Lee, and M. Yung, Universal Forgery of the Identity-based Sequential Aggregate Signature Scheme, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS '09, pp.157-160, 2009.

A. S. Ibrahim, J. Hamlyn-harris, J. Grundy, and M. Almorsy, CloudSec: A Security Monitoring Appliance for Virtual Machines in the IaaS Cloud Model, NSS '11, pp.113-120, 2011.

. Ihs-markit, Network Functions Virtualization Market Worth Over 15B Dollars By 2020, pp.2017-2026, 2016.

I. Research, The Evolution of SDN and NFV Orchestration, pp.2017-2022, 2015.

E. Jacob, J. Matias, A. Mendiola, V. Fuentes, J. Garay et al., Deploying a Virtual Network Function over a Software Defined Network Infrastructure: Experiences Deploying an Access Control VNF in the University of Basque Country's OpenFlow Enabled Eacility, TNC '14, 2014.

B. Jaeger, Security Orchestrator: Introducing a Security Orchestrator in the Context of the ETSI NFV Reference Architecture, IEEE Trustcom/BigDataSE/ISPA, vol.1, pp.1255-1260, 2015.

R. Jain and S. Paul, Network Virtualization and Software Defined Networking for Cloud Computing: a Survey, IEEE Communications Magazine, vol.51, issue.11, pp.24-31, 2013.

S. Jain, F. Shafique, V. Djeric, and A. Goel, Application-level Isolation and Recovery with Solitude, SIGOPS Oper. Syst. Rev, vol.42, issue.4, pp.95-107, 2008.

M. A. Jamshed, J. Lee, S. Moon, I. Yun, D. Kim et al., Kargus: A Highly-scalable Software-based Intrusion Detection System, CCS '12, pp.317-328, 2012.

X. Jin, R. Krishnan, and R. Sandhu, A Unified Attribute-based Access Control Model Covering DAC, MAC and RBAC, DBSec' 12, pp.41-55, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01534757

Y. Juba, H. Huang, and K. Kawagoe, POSTER: Security Control System Enabling to Keep an Intra-LAN in a Secure State Using Security-and-Performance Ratio Control Policies, CCS '14, pp.1442-1444, 2014.

A. A. Kalam, S. Benferhat, A. Miège, R. E. Baida, F. Cuppens et al., Organization Based Access Control, POLICY' 03, pp.120-131, 2003.
URL : https://hal.archives-ouvertes.fr/hal-01483818

J. Keeney, S. V. Meer, and L. Fallon, Towards Real-time Management of Virtualized Telecommunication Networks, CNSM' 14, pp.388-393, 2014.

A. Kern and C. Walhorn, Rule Support for Role-based Access Control, SACMAT '05, pp.130-138, 2005.

T. H. Kim, C. Basescu, L. Jia, S. B. Lee, Y. Hu et al., Lightweight Source Authentication and Path Validation, Proceedings of the 2014 ACM Conference on SIGCOMM, SIGCOMM '14, pp.271-282, 2014.

D. Kreutz, F. M. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky et al., Software-defined networking: A comprehensive survey, Proceedings of the IEEE, vol.103, issue.1, pp.14-76, 2015.

S. Kumar, M. Tufail, S. Majee, C. Captari, and S. Homma, Service Function Chaining Use Cases in Data Centers, 2017.

S. Lal, T. Taleb, and A. Dutta, NFV: Security Threats and Best Practices, IEEE Communications Magazine, issue.99, pp.2-8, 2017.

K. E. Lauter, Practical Applications of Homomorphic Encryption, CCSW' 12, pp.57-58, 2012.

A. Lemke, How to Manage Security in NFV Environment, pp.2017-2029, 2014.

Q. Li, X. Zhang, M. Xu, and J. Wu, Towards secure dynamic collaborations with group-based RBAC model, Computers & Security, vol.28, issue.5, pp.260-275, 2009.

Q. Li, X. Zou, Q. Huang, J. Zheng, and P. P. Lee, Dynamic Packet Forwarding Verification in SDN, IEEE Transactions on Dependable and Secure Computing, pp.1-16, 2018.

Y. Li and M. Chen, Software-Defined Network Function Virtualization: A Survey, IEEE Access, vol.3, pp.2542-2553, 2015.

, Linux Foundation. OVS: Open vSwitch, 2019.

, Linux Foundation Projects. Open Security Controller, 2017.

W. Liu, H. Li, O. Huang, M. Boucadair, N. Leymann et al., Service Function Chaining (SFC) General Use Cases, 2014.

M. C. Luizelli, L. R. Bays, L. S. Buriol, M. P. Barcellos, and L. P. Gaspary, Piecing together the NFV provisioning puzzle: Efficient placement and chaining of virtual network functions, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp.98-106, 2015.

B. Lynn, PBC (Pairing-Based Cryptography, 2006.

T. Macaulay, The 7 Deadly Threats to 4G: 4G LTE Security Roadmap and Reference Design, pp.2017-2024, 2013.

C. Makaya, D. Freimuth, D. Wood, and S. Calo, Policy-based NFV Management and Orchestration, NFV-SDN' 15, pp.128-134, 2015.

E. Markatos, Large Scale Attacks on the Internet Lessons learned from the LOBSTER Project, pp.2017-2024, 2008.

B. Martini and F. Paganelli, A Service-Oriented Approach for Dynamic Chaining of Virtual Network Functions over Multi-Provider Software-Defined Networks, Future Internet, vol.8, issue.2, 2016.

S. Mavoungou, G. Kaddoum, M. Taha, and G. Matar, Survey on Threats and Attacks on Mobile Networks, IEEE Access, vol.4, pp.4543-4572, 2016.

J. Mcdowall, Inherent Security Design Patterns for SDN/NFV Deployments, pp.2017-2027, 2016.

D. Mckay, A Deep Dive Into Hyperjacking, pp.2017-2019, 2011.

M. Mechtri, C. Ghribi, O. Soualah, and D. Zeghlache, NFV Orchestration Framework Addressing SFC Challenges, IEEE Communications Magazine, vol.55, issue.6, pp.16-23, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01629431

M. Mechtri, C. Ghribi, and D. Zeghlache, A Scalable Algorithm for the Placement of Service Function Chains, IEEE Trans. on Netw. and Serv. Manag, vol.13, issue.3, pp.533-546, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01355234

A. M. Medhat, G. A. Carella, M. Pauls, and T. Magedanz, Extensible framework for elastic orchestration of service function chains in 5G networks, 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp.327-333, 2017.

A. M. Medhat, G. A. Carella, M. Pauls, M. Monachesi, M. Corici et al., Resilient Orchestration of Service Functions Chains in a NFV environment, NFV-SDN' 16, pp.7-12, 2016.

S. Meng and L. Liu, Monitoring-as-a-service in the Cloud: Spec Phd Award (Invited Abstract), ICPE '13, pp.373-374, 2013.

C. Meyer and J. Schwenk, Lessons Learned From Previous SSL/TLS Attacks -A Brief Chronology Of Attacks And Weaknesses, Cryptology ePrint Archive, 2013.

R. Mijumbi, J. Serrat, J. Gorricho, S. Latre, M. Charalambides et al., Management and Orchestration Challenges in Network Functions Virtualization, IEEE Communications Magazine, vol.54, issue.1, pp.98-105, 2016.

C. Modi, D. Patel, B. Borisanya, A. Patel, and M. Rajarajan, A Novel Framework for Intrusion Detection in Cloud, SIN '12, pp.67-74, 2012.

A. Morais and A. Cavalli, A Distributed Intrusion Detection Scheme for Wireless Ad Hoc Networks, SAC '12, pp.556-562, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00738916

M. A. Morsy, J. Grundy, and I. Müller, An Analysis of The Cloud Computing Security Problem, APSEC '10, pp.1-6, 2010.

J. Myerson, Protect a PaaS from Hackers with Four Phases of Defense, pp.2017-2027, 2014.

, Neutron. OpenStack Networking Service, 2017.

V. Nguyen, A. Brunström, K. Grinnemo, and J. Taheri, SDN/NFV-Based Mobile Packet Core Network Architectures: A Survey, IEEE Communications Surveys and Tutorials, vol.19, issue.3, pp.1567-1602, 2017.

. Ntt-labs, . Ryu, and . Framework, , 2016.

R. V. Nunes, R. L. Pontes, and D. Guedes, Virtualized Network Isolation using Software Defined Networks, LCN '13, pp.683-686, 2013.

, OASIS. Security Assertion Markup Language (SAML) V2.0 Technical Overview, pp.2017-2027, 2014.

J. Oberheide, E. Cooke, and F. Jahanian, CloudAV: N-version Antivirus in the Network Cloud, SS' 08, pp.91-106, 2008.

, Open Network Automation Platform, ONAP, pp.2018-2019, 2017.

, Open Networking Foundation. OpenFlow Switch Specification, 2012.

, OpenFlow-enabled SDN and Network Functions Virtualization, Open Networking Foundation, 2014.

, Open Networking Foundation. SDN Architecture Overview, 2014.

, Open Networking Foundation. Relationship of SDN and NFV, 2015.

. Openbaton, OpenBaton is a ETSI NFV Compliant Management and Orchestration (MANO) Framework, pp.2018-2019, 2016.

. Openid, Welcome to OpenID Connect, pp.2017-2019, 2014.

. Openstack, Open Source Software for Creating Private and Public Clouds, pp.2018-2020, 2016.

. Openstack, Keystone -OpenStack Identity Service, pp.2018-2019, 2017.

. Openstack and . Openstack-compute, , pp.2019-2023, 2019.

. Opnfv and . Moon--security-management-module, , pp.2018-2019, 2016.

. Opnfv, Open Plaform for NFV Project, pp.2018-2020, 2017.

, Oracle Coorporation, 2007.

P. Paganini, Hardware Attacks, Backdoors, and Electronic Component Qualification, pp.2017-2027, 2013.

D. H. Parekh and R. Sridaran, An Analysis of Security Challenges in Cloud Computing, Journal of Advanced Computer Science and Applications, vol.14, 2013.

M. Pattaranantakul, R. He, A. Meddahi, and Z. Zhang, SecMANO: Towards Network Functions Virtualization (NFV) Based Security MANagement and Orchestration, IEEE Trustcom/BigDataSE/ISPA' 16, pp.598-605, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01740185

M. Pattaranantakul, R. He, Q. Song, Z. Zhang, and A. Meddahi, NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures, IEEE Communications Surveys and Tutorials, vol.20, issue.4, pp.3330-3368, 2018.

M. Pattaranantakul, Y. Tseng, R. He, Z. Zhang, and A. Meddahi, A First Step Towards Security Extension for NFV Orchestrator, ACM International Workshop on SDN-NFVSec@CODASPY' 17, pp.25-30, 2017.

G. Pék, L. Buttyán, and B. Bencsáth, A Survey of Security Issues in Hardware Virtualization, ACM Comput. Surv, vol.45, issue.3, 2013.

, Pica 8, Inc. OpenFlow-enabled Ethernet Switches, 2009.

. Pox and . Wiki, , pp.2017-2027, 2015.

C. Priebe, D. Muthukumaran, D. O'-keeffe, D. Eyers, B. Shand et al., CloudSafetyNet: Detecting Data Leakage Between Cloud Tenants, CCSW '14, pp.117-128, 2014.

. Pypbc, Python Binding for PBC, 2017.

Z. A. Qazi, C. C. Tu, L. Chiang, R. Miao, V. Sekar et al., SIMPLE-fying Middlebox Policy Enforcement Using SDN. SIGCOMM Comput, vol.43, pp.27-38, 2013.

, Machine Escape Fetches 105,000 dollars at Pwn20wn Hacking Contest, pp.2017-2029, 2017.

P. Quinn, U. Elzur, and C. Pignataro, Network Service Hearder (NSH, 2018.

P. Quinn and T. Nadeau, Problem Statement for Service Function Chaining, 2015.

J. S. Enns, M. Bjorklund, and A. Bierman, Network Configuration Protocol, 2011.

R. Mijumbi, J. Serrat, J. L. Gorricho, N. Bouten, F. De-turck et al., Network Function Virtualization: State-of-the-Art and Research Challenges, IEEE Communications Surveys Tutorials, vol.18, issue.1, pp.236-262, 2016.

. Rabbitmq and . Rabbitmq, Open Source Message Broker Software, 2016.

M. O. Rabin, How To Exchange Secrets with Oblivious Transfer, pp.2017-2029, 2005.

, Toward a Federated Identity Service Based on Virutalization, pp.2017-2028, 2014.

K. Ramakrishnan, S. Floyd, and D. Black, The Addition of Explicit Congestion Notification (ECN) to IP, 2001.

G. Ranga and S. Flowerday, Identity and Access Management for the Distribution of Social Grants in South Africa, SAICSIT '07, pp.125-131, 2007.

P. Ranjith, C. Priya, and K. Shalini, On Covert Channels Between Virtual Machines, Journal in Computer Virology, vol.8, 2012.

S. Ravidas, S. Lal, I. Oliver, and L. Hippelainen, Incorporating Trust in NFV: Addressing the Challenges, ICIN' 17, pp.87-91, 2017.

F. Reynaud, F. X. Aguessy, O. Bettan, M. Bouet, and V. Conan, Attacks against Network Functions Virtualization and Software-Defined Networking: State-of-the-art, NetSoft' 16, pp.471-476, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01393740

M. Roesch, , pp.2017-2026, 2014.

S. A. Rouiller, Virtual LAN Security: Weaknesses and countermeasures, pp.2017-2026, 2012.

C. E. Rubio-medrano, Z. Zhao, A. Doupe, and G. Ahn, Federated Access Management for Collaborative Network Environments: Framework and Case Study, SACMAT '15, pp.125-134, 2015.

R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. V. Doorn et al., sHype: Secure Hypervisor Approach to Trusted Virtualized Systems, IBM Research Report RC23511, 2005.

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, Role-based Access Control Models, IEEE Computer, vol.29, issue.2, pp.38-47, 1996.

T. Sasaki, C. Pappas, T. Lee, T. Hoefler, and A. Perrig, SDNsec: Forwarding Accountability for the SDN Data Plane, 25th International Conference on Computer Communication and Networks (ICCCN), pp.1-10, 2016.

S. Scott-hayward, S. Natarajan, and S. Sezer, A survey of security in software defined networks, IEEE Communications Surveys Tutorials, vol.18, issue.1, pp.623-654, 2016.

V. Sekar, N. Egi, S. Ratnasamy, M. K. Reiter, and G. Shi, Design and Implementation of a Consolidated Middlebox Architecture, NSDI'12, pp.24-24, 2012.

A. S. Sendi, Y. Jarraya, M. Pourzandi, and M. Cheriet, Efficient Provisioning of Security Service Function Chaining Using Network Security Defense Patterns, IEEE Transactions on Services Computing, pp.1-1, 2017.

P. K. Shanmugam, N. D. Subramanyam, J. Breen, C. Roach, and J. Van-der-merwe, DEIDtect: Towards Distributed Elastic Intrusion Detection, DCC '14, pp.17-24, 2014.

J. Sherry, S. Hasan, C. Scott, A. Krishnamurthy, S. Ratnasamy et al., Making Middleboxes Someone else's Problem: Network Processing As a Cloud Service, SIGCOMM '12, pp.13-24, 2012.

J. Sherry, C. Lan, R. A. Popa, and S. Ratnasamy, BlindBox: Deep Packet Inspection over Encrypted Traffic, SIGCOMM Comput. Commun. Rev, vol.45, issue.4, pp.213-226, 2015.

S. Shin, P. A. Porras, V. Yegneswaran, M. W. Fong, G. Gu et al., FRESCO: Modular Composable Security Services for Software-Defined Networks. In NDSS' 13, 2013.

S. Shin, H. Wang, and G. Gu, A First Step Toward Network Security Virtualization: From Concept To Prototype, IEEE Transactions on Information Forensics and Security, vol.10, issue.10, pp.2236-2249, 2015.

Y. Sim and H. Y. Lee, Poster: Denial-of-service attack using host location hijacking in software-defined network, 1st IEEE European Symposium on Security and Privacy, pp.1-2, 2016.

. Sns-telecom, The SDN, NFV, Network Virtualization Ecosystem: 2016 -2030 -Opportunities, Challenges, Strategies, Forcasts, pp.2018-2020, 2018.

Y. Song, H. Kim, and A. Mohaisen, A Private Walk in the Clouds: Using End-to-End Encryption between Cloud Applications in a Personal Domain, Lecture Notes in Computer Science, vol.8647, pp.72-82, 2014.

I. Studnia, E. Alata, Y. Deswarte, M. Kaaniche, and V. Nicomette, Survey of Security Problems in Cloud Computing Virtual Machines, C&ESAR' 12, pp.61-74, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00761206

S. Suzuki and S. Kondo, Dynamic Network Separation for IPv6 Network Security Enhancement, SAINT Workshops' 05, pp.22-25, 2005.

. Tacker, N. Tacker--openstack, and . Orchestration, , pp.2018-2019, 2013.

H. Takabi, Privacy Aware Access Control for Data Sharing in Cloud Computing Environments, SCC '14, pp.27-34, 2014.

H. Takabi, J. B. Joshi, and G. Ahn, Security and Privacy Challenges in Cloud Computing Environments, IEEE Security and Privacy, vol.8, issue.6, pp.24-31, 2010.

S. Teerakanok, C. Vorakulpipat, and S. Kamolphiwong, Anonymity Preserving Framework for Location-based Information Services, MEDES '10, pp.107-113, 2010.

. Telefonica and . Openmano, , pp.2018-2019, 2015.

, The Linux Foundation. ONOS (Open Network Operating System, 2014.

, The Linux Foundation Projects, 2013.

, The Linux Foundation Projects. OpenDaylight Flurine Release, 2018.

, Simple Profile for Network Functions Virtualization (NFV version 1.0), pp.2018-2019, 2016.

B. Tschaen, Y. Zhang, T. Benson, S. Banerjee, J. Lee et al., SFC-Checker: Checking the correct forwarding behavior of Service Function chaining, 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp.134-140, 2016.

V. Varadharajan and U. Tupakula, Securing Services in Networked Cloud Infrastructures, IEEE Transactions on Cloud Computing, issue.99, pp.1-1, 2016.

M. Veeraraghavan, T. Sato, M. Buchanan, R. Rahimi, S. Okamoto et al., Network Function Virtualization: A Survey, IEICE Transactions on Communications, vol.100, issue.11, pp.1978-1991, 2017.

. Vmware, , pp.2017-2027, 2015.

A. Vu and Y. Kim, An implementation of hierarchical service function chaining using OpenDaylight platform, 2016 IEEE NetSoft Conference and Workshops (NetSoft), pp.411-416, 2016.

E. Wang, K. Leung, J. Felix, J. Lyer, and P. Patel, Service Function Chaining Use Cases for Network Security, 2017.

C. Wraight, White Paper: Content-Aware Identity & Access Management in a Virtual Environment, pp.2017-2027, 2010.

C. Wueest, M. B. Barcena, and L. O'brien, Mistakes in the IaaS Cloud Could Put Your Data At Risk, pp.2017-2024, 2015.

W. Xia, Y. Wen, C. H. Foh, D. Niyato, and H. Xie, A survey on software-defined networking, IEEE Communications Surveys Tutorials, vol.17, issue.1, pp.27-51, 2015.

G. Xilouris, Overall System Architecture and Interfaces: Version 1, Overall System Architecture and Interfaces v1.0.pdf, pp.2018-2019, 2015.

J. Xiong, Z. Yao, J. Ma, X. Liu, Q. Li et al., PRAM: Privacy Preserving Access Management Scheme in Cloud Services, Cloud Computing '13, pp.41-46, 2013.

K. Yang, X. Jia, and K. Ren, Attribute-based Fine-grained Access Control with Efficient Revocation in Cloud Storage Systems, ASIA CCS '13, pp.523-528, 2013.

W. Yang and C. Fung, A Survey on Security in Network Functions Virtualization, NetSoft' 16, pp.15-19, 2016.

Y. Yang, X. Chen, G. Wang, and L. Cao, An Identity and Access Management Architecture in Cloud, ISCID '14, pp.200-203, 2014.

A. C. and -. Yao, How to Generate and Exchange Secrets, SFCS '86, pp.162-167, 1986.

F. Yao, R. Sprabery, and R. H. Campbell, CryptVMI: A Flexible and Encrypted Virtual Machine Introspection System in the Cloud, SCC '14, pp.11-18, 2014.

S. S. Yau and H. G. An, Protection of Users' Data Confidentiality in Cloud Computing, Internetware '10, vol.11, pp.1-11, 2010.

N. Zhang, H. Li, H. Hu, and Y. Park, Towards Effective Virtualization of Intrusion Detection Systems, Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, SDN-NFVSec '17, pp.47-50, 2017.

P. Zhang, Towards Rule Enforcement Verification for Software Defined Networks, IEEE INFOCOM 2017 -IEEE Conference on Computer Communications, pp.1-9, 2017.

T. Zhang and R. B. Lee, CloudMonatt: An Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing, ISCA' 15, pp.362-374, 2015.

Y. Zhang, N. Beheshti, L. Beliveau, G. Lefebvre, R. Manghirmalani et al., StEERING: A software-defined networking for inline service chaining, 21st IEEE International Conference on Network Protocols (ICNP), pp.1-10, 2013.

Y. Zhang, W. Lee, and Y. Huang, Intrusion Detection Techniques for Mobile Wireless Networks, Wirel. Netw, vol.9, issue.5, pp.545-556, 2003.

Y. Zhang, W. Wu, S. Banerjee, J. Kang, and M. A. Sanchez, SLA-verifier: Stateful and quantitative verification for service chaining, IEEE INFOCOM 2017 -IEEE Conference on Computer Communications, pp.1-9, 2017.

G. Zhong and U. Hengartner, Toward a Distributed K-anonymity Protocol for Location Privacy, WPES' 08, pp.33-38, 2008.

D. Zou, W. Zhang, W. Qiang, G. Xiang, L. T. Yang et al., Design and Implementation of a Trusted Monitoring Framework for Cloud Platforms, Future Gener. Comput. Syst, vol.29, issue.8, pp.2092-2102, 2013.

L. Zuccaro, F. Cimorelli, F. D. Priscoli, C. G. Giorgi, S. Monaco et al., Distributed Control in Virtualized Networks, Procedia Computer Science, vol.56, pp.276-283, 2015.