Sharing Virtualized Network Functions (VNFs) among different slices in Fifth Generation (5G) is a potential strategy to simplify the system implementation and utilize 5G resources efficiently. In this paper, we propose a security-aware VNF sharing model for 5G networks. The proposed optimization model satisfies the service requirements of various slices, enhances slice security by isolating their critical VNFs, and enhances resource utilization of the underlying physical infrastructure. The model tries to systematically decide on sharing a particular VNF based on two groups of constraints; the first group of constraints is common assignment constraints used in the existing literature. The second group is the novel security constraints that we propose in this work; the maximum traffic allowed to be processed by the VNF and the exposure of the VNF to procedures sourced via untrusted users or access networks. This sharing problem is formalized to allow for procedure-level modeling that satisfies the requirements of slice requests in 5G systems. The model is tested using standard VNFs and procedures of the 5G system rather than generic ones. The numerical results of the model show the benefits and costs of applying the security constraints along with the network performance in terms of different metrics.

翻译：在第五代（5G）通信系统中，共享不同切片间的虚拟化网络功能（VNF）是简化系统实现并高效利用5G资源的一项潜在策略。本文提出了一种面向5G网络的安全感知VNF共享模型。该优化模型既满足不同切片的服务需求，又通过隔离其关键VNF来增强切片安全性，同时提升底层物理基础设施的资源利用率。该模型基于两类约束条件系统性地决策特定VNF的共享：第一类约束是现有文献中通用的分配约束，第二类则是本文提出的新型安全约束——包括VNF允许处理的最大流量上限，以及VNF暴露于不可信用户或接入网发起流程的风险程度。该共享问题被形式化为支持流程级建模，从而满足5G系统中切片请求的需求。模型测试采用5G系统的标准VNF与流程（而非通用组件）。数值结果揭示了应用安全约束的效益与代价，以及网络性能在不同指标下的表现。