SPEAR
Master's ThesisAvailable

Secure network function/application orchestration in edge

How can applications share the environment and hardware in edge platforms while maintaining security boundaries and preventing unauthorized access?

SecurityEdgeNetwork FunctionsSystems

Background and Motivation

Edge computing platforms host multiple applications from different tenants, creating complex security challenges around resource sharing and isolation. As edge infrastructure becomes more prevalent for 5G/6G network functions and latency-sensitive applications, ensuring strong security boundaries between co-located workloads becomes critical.

The core challenge is twofold: infrastructure providers need guarantees that applications cannot escape their execution boundaries or access unauthorized resources, while application developers require assurance that neither infrastructure providers nor other tenants can access or tamper with their deployments. This mutual distrust model demands robust isolation mechanisms that go beyond traditional container boundaries.

Trusted Execution Environments (TEEs) like Intel SGX offer hardware-based isolation through secure enclaves, enabling confidential computing where code and data remain protected even from privileged system software. For network functions specifically, technologies like jBPF provide secure, sandboxed execution of network processing logic. These approaches can be integrated into orchestration frameworks to provide verifiable security guarantees as part of Service Level Agreements.

Expected Outcomes

This thesis will design and implement secure orchestration mechanisms for network functions and applications in edge environments. The research will explore integration of TEE technologies (particularly SGX enclaves) into edge orchestration workflows, enabling applications to specify security requirements in their deployment SLAs.

Key focus areas include:

  • Designing SLA specifications that capture security requirements including enclave execution, memory encryption, and attestation policies.
  • Implementing orchestration support for scheduling workloads on TEE-capable hardware and managing enclave lifecycle.
  • Evaluating secure network function execution using jBPF for lightweight, isolated packet processing.
  • Analyzing performance overhead of security mechanisms and trade-offs between isolation strength and resource efficiency.

The work can extend into 6G network function security and Intent-based Machine Learning (IML) aspects for intelligent security policy management.

  1. Microsoft jBPF - Userspace eBPF VM for secure network function execution: https://github.com/microsoft/jbpf/

Interested in This Topic?

Contact the supervisor with your CV, transcript, and a brief statement of interest.

Nitinder Mohan
Contact Nitinder
Back to Available Topics