Abstract
Deploying virtual network functions (VNFs) in containers can realize the 5G service-based architecture (SBA) with high flexibility. However, containers carrying VNFs have poor isolation and low protection capabilities, and are at risk of being tampered with or replaced. Current security protection technologies such as access control, intrusion detection, and virus detection cannot ensure that a container has not been illegally modified. To fundamentally protect the integrity of containerized VNFs, this paper proposes a trust measurement scheme for containerized VNFs, container integrity measurement (CIM). The scheme extends the chain of trust to bare metal containers and virtual machine containers, and experiments are carried out in a containerized VNF communication environment. The results show that the integrity measurement protection scheme is effective. Compared with ordinary containers, the average CPU usage of trusted containers increases by 26% and the average memory usage growth rate is less than 1%; the performance overhead caused by CIM is acceptable.