Verifiable network function outsourcing: Requirements, challenges, and roadmap
Network function outsourcing (NFO) enables enterprises and small businesses to achieve the performance and security benefits offered by middleboxes (e.g., firewall, IDS) without incurring high equipment or operating costs that such functions entail. In order for this vision to fully take root, however, we argue that NFO customers must be able to verify that the service is operating as intended w.r.t.: (1) functionality (e.g., did the packets traverse the desired sequence of middlebox modules?); (2) performance (e.g., is the latency comparable to an "in-house" service?); and (3) accounting (e.g., are the CPU/memory consumption being accounted for correctly?). In this position paper, we formalize these requirements and present a high-level roadmap to address the challenges involved. Copyright 2013 ACM.