5G Network Slice Isolation

This article reveals an adequate comprehension of basic defense, security challenges, and attack vectors in deploying multi-network slicing. Network slicing is a revolutionary concept of providing mobile network on-demand and expanding mobile networking business and services to a new era. The new business paradigm and service opportunities are encouraging vertical industries to join and develop their own mobile network capabilities for enhanced performances that are coherent with their applications. However, a number of security concerns are also raised in this new era. In this article, we focus on the deployment of multi-network slicing with multi-tenancy. We identify the security concerns, and discuss defense approaches such as network slice isolation and insulation in a multi-layer network slicing security model. Also, we identify the importance of appropriately selecting the network slice isolation points, and propose a generic framework to optimize the isolation policy regarding the implementation cost while guaranteeing the security and performance requirements.

Since the traditional approaches such as traffic isolation, encryption, and firewalls are not providing sufficiently satisfactory performance in countering the related cyber-threats, they have envisioned some possible artificial intelligence mechanisms to enhance the network slice security. Unfortunately, little progress has been reported in the suggested approaches. One of the main reasons for this lack of achievement can be the absence of deep and thorough understanding of the security model in slice isolation.
This article aims to demystify the appropriate defense mechanisms and to provide an adequate isolation approach at different points of the network slice. The isolation point must be selected based on the characteristics of the network slice and the MNO's network infrastructure strategy. The main novel contributions of our work are that we have: 1) identified security challenges in deploying NSaaS, 2) proposed a multi-layer model to decompose the network slicing security complexity, 3) analyzed the impact of network slice isolation point selection, and 4) proposed a framework to optimize the selection of network slice isolation points.
This article is organized as follows: Section II provides the principles of network slicing and the characteristics of network slice types. Section III discusses the challenges of network slicing security when deploying an NSaaS platform. We use a multi-layer approach to explain the complexity layer by layer, then identify how the precision of network slice isolation affects the defense and performance of the network slice. Subsequently, in Section IV, we develop a mathematical model of network slice isolation that relates the levels of MNO and tenant control to the cost of deploying a network slice. Finally, we conclude the paper in Section V.

II. THE PRINCIPLES OF NETWORK SLICING AND NETWORK SLICE TYPES
Network slicing is a logical network representation, composed of a specific mobile network infrastructure configuration, which consists of various levels and types of isolation in a physical infrastructure. It is basically enabled by virtualization, containerization, software-defined network (SDN), virtual network function (VNF) service chain, network function virtualization (NFV) [9] and flexible transport network technologies. The MNO is expected to utilize those technologies to provide a secure network environment across the radio access network, transport network and core network. This secure network environment shall be fully optimized for the coexistence of multiple network slices and their different service characteristics and requirements. On the other hand, the tenant expects its network slice structure to be a standalone and fully independent mobile network. Besides, other tenants shall not have unauthorized access to its network slices, nor intercept other tenants' data without authorization.
Network slicing gives the MNO dynamic flexibility in organising, coordinating and orchestrating any available resource in the wireless and wired network environment. Those resources can be differentiated into a specific service in a particular location. For example, a manufacturing customer would like to have a network slice in a particular location covering only a few cell sites. A utility company would like to have a smart grid network slice in some remote sites. In another case, a hospital authority customer would like to have a network slice within a hospital area. Those three typical cases illustrate network slice services that can be dynamically deployed and provisioned in a unique geolocation. Also, these individual network slices can be ported to other network slice service provider or MNO network slice platforms. The GSM Association (GSMA) has provided an introduction to network slicing [10], and has proposed the Network Slice Generic Template (GST) to formulate a menu for selecting the network slice perimeters. This GST model can be converted to a network provisioning data model for the purpose of deploying network slices [11].

III. NETWORK SLICE ISOLATION AS A SECURITY MEASURE
NSaaS is set to deliver an on-demand mobile network. It encourages vertical industries to design and develop their own mobile network infrastructure and mobile network services. These mobile network infrastructures and services utilize virtualization, containerization and SDN technologies to increase the flexibility of network provisioning, deployment and operational models, and the business transformation and service agility across multiple mobile networks. In particular, they provide network independence and network seclusion, which has been demonstrated by stitching slice segments from multiple points of presence to construct a network slice and by flexibly manipulating various resources for a network slice [12]. Traditionally, an MNO has only a single administrative domain (AD) to manage, network elements and subscribers to protect, subscriber impersonation to prevent, and static attack vectors to identify. However, when NSaaS is deployed, the network flexibility and service agility lead to a number of new security challenges. In this paper, we provide a comprehensive study of the security challenges in four aspects: identifying the assets to protect, preventing attacks and human errors, identifying the right selection of isolation points, and managing the different assets. Understanding the new NSaaS security challenges, and applying the right NSaaS operational protection without affecting the network slice service performance requirements, is vitally important in a multi-network slicing environment. It is also critical that the NSaaS security perimeters are adequately defined throughout the entire NSaaS security chain and at the operational level, from the radio access network to the transport network, and from the transport network to the core network.

A. Challenges in Network Slicing Security
In this subsection, the key network slice security challenges are defined in four aspects, which are protection, prevention, identification and management, as summarized in Table I. The protection challenges are raised by concerns about the network infrastructure that supports NSaaS, where we shall begin to consider the protection of network infrastructure from static-resource to dynamic-resource network environments. Typically, static resources refer to hardware assets and dynamic resources can be considered software assets. Furthermore, these software assets can be created at runtime when network elasticity is triggered by traffic and on-demand network services. Since these runtime software assets can be network slices, virtual network functions and SDN properties that may overload the network and affect network service availability, we have to protect network availability, service reliability and company liabilities at all times. In particular, a functional error in, or a compromise of, one network service may affect the availability of any other network service. All these protections shall be considered, from network resilience to the risk assessment of network services.
The prevention challenges are the unauthorized access to and inappropriate use of network infrastructure resources, whether the access or usage comes from the same AD or from other ADs. Traditionally, an MNO only manages a single AD and has no experience in managing and authorizing third parties that access various levels of resources based on the service level agreement with the tenant. Therefore, preventing cross-AD resource access is another challenge the MNO is required to manage. In particular, in a virtualized network environment, co-resident attacks may trigger unauthorized access to another virtual machine co-existing on the same bare-metal host. Furthermore, the MNO is also required to prevent another serious issue for all kinds of systems within the infrastructure, which is insider threats. In order to prevent insider threats in such a fast-evolving and changing network environment, a proper management process or control has to be applied on top of traditional approaches; for example, ISO/IEC 27001 has a series of control processes to ensure information security management in securing the system. We often face unknown threats when network automation is applied to a virtualized network infrastructure environment: there is a possibility that an attacker may inappropriately manipulate network resources via auto-optimization and auto-reconfiguration. Therefore, we shall apply zero trust to prevent auto-manipulation of network resources.
The identification of security threats is typically an essential task for the MNO before network deployment. Usually, the MNO will establish appropriate security control policies, which are not just based on local regulatory requirements and international benchmark approaches [13], but also need to adopt best practice from the industry. Therefore, identifying the security control policies for deploying NSaaS requires considering the security policies under flexible network and dynamic network runtime environments; one cannot simply apply black-box approaches, which will eventually expose various unidentified attack vectors and vulnerable loopholes. The common practice of identifying the attack vectors or conducting risk assessments requires an existing network environment. In particular, attack vectors will not be straightforward to identify without existing network infrastructure and service environments. Even though resource management in a flexible network infrastructure is unpredictable, we shall clearly state the security policies when applying network elasticity. Furthermore, we also have to identify the adequate physical and logical isolation points for each of the network slices to protect service availability, set the security perimeters, and provide appropriate security measures in the future.
In terms of the network management challenges, a number of items must be seriously considered. The MNO shall provide policies to manage the unknown ADs and the virtual environment visibility. In particular, virtual environment visibility can be managed by different techniques, e.g., micro-segmentation, hypervisor firewalls, etc. Those techniques can increase the visibility, but also require substantial knowledge to manage them. On the other hand, under NSaaS, there are many tenants to manage. For example, a tenant's identity, access and privacy shall be properly managed. Also, the MNO shall provide a privacy scheme or guideline for tenants to manage their subscribers in order to reduce the risk to the network.
The above four aspects can assist the MNO in achieving a secure operation of NSaaS; we propose to plan and provide a precise policy of control that fulfils them as the basic requirements.

B. Decomposition of Network Slicing Security Complexity
In this subsection, we present a multi-level model of the network slicing security decomposition. Basically, this model also represents a network construction sequence, which starts from deciding the type of devices available in the supply chain. Once installed in the network, those devices become physical resources that form an infrastructure. To be fully utilized, they can be turned into virtual resources by applying virtualization and containerization technologies. Consequently, those virtual resources should be managed by an information management platform, e.g., NFV. After the physical and virtual infrastructures have been fully established, we start to consider the protection methodologies for protocols and service chains and the appropriate isolation points in the network slice. Finally, from the MNO's point of view, it is essential to consider a network slice platform to manage the network slice tenants by means of tenant identities, access rights, services, etc. Note that the above description is simplified regarding the deployment considerations and the sequence of architecture design decisions. Also, between every two layers there is a tight relationship and logical linkage in the deployment of a network slice. Furthermore, each of the layers and elements has a specific protection method, which we are going to discuss in this subsection.
As illustrated in Figure 1, the lowest three levels in our model are inherited from the traditional network security model, and concern the fundamentals of telecommunication equipment supply chain security, physical resource security and physical infrastructure, respectively. The fourth to the top layers are the logical and information security concerns, which deal with a wider attack surface at every next layer. Furthermore, the complexity of defense in each layer also increases layer by layer from the bottom to the top layer. We further describe the characteristics of each layer in the following.

Layer I Supply Chain - Usually, it is the first line of defense, and it does not only cover physical active and passive electronic components. Software components or entities shall be included within the supply chain. Those components' software is often embedded with malicious code. Therefore, we have to have a certain level of control over the supply chain when deploying NSaaS. The ISO 28000 specification has a well-established supply chain security management control framework that can be applied. NIST has also suggested a supply chain life-cycle management [14]. Furthermore, supply chain security management is not just about delivering control and assurance to the overall system; it also requires defining the level of control processes, the certifications of the product within current best practice, and the trustworthiness of the protocol applied to test the products. GSMA provides a supply chain toolbox to give a guideline for this first line of defense [15], and NSCS also provides 12 principles to ensure that the first line of defense is under control at the appropriate stage of the overall supply chain [16].

Layer II Physical Resources - Often, the MNO unifies the physical network elements and license components as physical resources, which increases the flexibility of the overall mobile network infrastructure and refines productivity by applying different service management methodologies. Furthermore, the MNO also constantly searches for methods and techniques to fully utilize all available resources in its network infrastructure. When deploying a network slice, the second line of defense is to manage the different types of physical resources that apply to a particular network slice. For example, a critical infrastructure network slice can only be deployed in a few specific locations with selected spectrum there, and the local breakout may also be required to be deployed with an air-gap isolated server rack, switch and internet gateway.

Layer III Physical Infrastructure - Facility infrastructure resiliency gives service reliability to the MNO's mobile network infrastructure. There are a number of international data center control frameworks [18], [17] to protect the service availability and reliability of this third line of network slice defense. For example, a utility smart grid network slice may request a wide-area deployment and require a certain level of service availability and reliability. Hence, the MNO may need to pick the right level of data center for such a network slice deployment. Often, the mobile network infrastructure is built from different data centers, which are often managed by different data center management teams and companies. In maintaining data center service reliability and ensuring the different levels of data center security, data center security is not only facility security but also includes identity and access management, etc.
Layer IV Virtual Resources - Generally, network slicing is based on virtualization and containerization technologies as its foundation. Network slices can be constructed on virtual machines, containers or a combination of virtual machines and containers, and each network slice can be specifically restricted in the number of vCPUs, the amount of vRAM and the type of storage. The MNO is required to manage its virtual resources so that they do not exceed the maximum physical resource limits and cause service interruptions.

Layer V Virtual Infrastructure - The level of complexity in this layer is significantly increased. We have to consider implementing virtual machine and container isolation techniques to avoid co-residency attacks. The typical techniques applied are hypervisor introspection or serverless container isolation at the kernel level. The virtualized infrastructure can have an access control list for a particular application to secure the entire network segment using micro-segmentation, which automatically applies network segregation. Therefore, virtualization and containerization network security is the main consideration in this layer. This layer's defense spans different areas of technology implementation, from the application to virtual network segmentation, and from infrastructure access control to the CPU firmware trust model. All these techniques try to keep network slices isolated from each other.

Layer VI Protocol and Service Chain - In this layer, a formulated network slice shall have a specific service to deliver. Usually, the MNO formulates those services using a service chain approach. These service chains are often a sequence of network functions, which can also be split across multiple locations, so that the traffic propagates from one network location to another in a specific sequence. Due to the sequential structure of the network service chain, we can collect network intelligence data, which can be used to increase the virtual network infrastructure visibility and the threat intelligence protection at different levels of network slice defense. On the other hand, we have to avoid inappropriate manipulation of virtual resources; therefore, we can use appropriate security protocols and API security to prevent malicious manipulation.

Layer VII Radio Access Network, Transmission Network and Core Network - When deploying a network slice, we need to identify various isolation points as network defense perimeters, where different isolation techniques can be applied. Those isolation points must be carefully selected; otherwise, the service performance can easily be affected. Therefore, mapping the isolation points to adequate technology for the different network slice types is an important process in deploying network slices.

Layer VIII Administrative Domain - There is a possibility that a tenant may have purchased multiple network slices across different MNOs, and the tenant may share all resources across multiple network slices. Therefore, the MNO or network slice service provider is required to protect each AD's user and tenant privacy, and must manage the identities of the users and tenants who access the appropriate AD.

The above multi-layer approach can assist the network slice service provider or MNO in distinguishing and differentiating the levels of managing an NSaaS platform and in protecting the overall MNO network service availability. After resolving the network slice complexity in layers, we shall focus on the practical deployment of NSaaS, which concerns the defense of 3 domains in the data center: radio access network, transport network and core network.

C. Precision of Network Slice Isolation Point
Identifying an adequate network slice isolation point and applying the right network slice isolation mechanism and policy at those isolation points are the main challenges in deploying multi-network slicing in a mobile network operator's network. Network slices are designed to support the co-existence of multiple tenants on an MNO physical network with independent, isolated and fully secured network services. Also, one tenant would not know of another tenant's existence in the network. A similar strategy has been proposed on the Internet to isolate services or applications using service-oriented architecture [19]. However, it might need anomaly detection to protect the behavior of the network slice from faults, e.g., an inappropriate selection of isolation points. In case of such faults, the anomaly detection algorithm can also be invoked to obtain a score of the isolation points' behavior [20], which may be further exploited by machine learning techniques to isolate the faults [21] and to model the slice behavioral patterns under a particular setup of isolation points. GSMA has defined 8 types of network slice use cases, and each network slice type could have different network configurations, network performance requirements, traffic criteria, security controls, etc. All these characteristics ultimately lead to delivering the service experience to the subscriber and fulfilling the network slice Service Level Agreement (SLA) under a secured [22]. In particular, multi-network slice deployment involves different network technologies, resource migration and resource optimization at runtime. Either an inappropriate selection of the isolation points, or wrongly applying the isolation mechanism and policy at any of the isolation points, can cause network performance degradation or service delivery interruption after resource optimization and migration.
Therefore, we shall identify each possible isolation point and the adequate security mechanism and policy to apply at those isolation points. Specifying these features appropriately helps not only to secure the network slice, but also to enhance the network performance without affecting the subscriber experience or violating the SLA.

Level of Isolation
Figures 2-5 illustrate some phenomena that arise when deploying a network slice. Figure 2 is divided into three parts; on the left and right sides, two options are illustrated where the tenant requests a network slice with the most tenant control and minimal influence from the MNO (left), or with balanced control shared between the tenant and the MNO (right), respectively. In the former case, the MNO only provides physical resources (e.g., spectrum etc.); in the latter case, several layers of the protocol stack and some specific network functions are defined and controlled by the MNO. In the middle, Figure 2 shows how the level of isolation matters to the cost of deployment when considering network slice isolation. In particular, Figure 2 indicates that the minimal and maximal cost of isolation start at a positive value due to the physical resources (e.g., spectrum etc.) that belong to the MNO. The graph also indicates the characteristics of the relationship between isolation and the level of control the tenant can gain when deciding to purchase a network slice. Also, the graph indicates that they are not directly proportional to each other, due to the vast number of isolation techniques that can be applied to deliver similar protection. Figure 3 provides an overview of the tenant's control of a network slice. When the tenant has minimal control of the network slice, the tenant fully relies on the MNO to manage the network slice, and the MNO has less responsibility to put isolation in place to protect the network slice. On the other hand, when the tenant has maximal control of the network slice, the MNO is responsible for putting isolation into the network slice to protect the other tenants' privacy. Figure 4 reflects the control of the MNO, which is correlated with Figure 3. Furthermore, Figure 4 indicates that when the MNO has absolute control of the network slice, the network is monolithic. There would be no NSaaS in the network. The network resembles the 4th generation telecommunications system. Finally, Figure 5 shows the exclusive relation between MNO control and tenant control on any given network slice. It shall be noted that Figures 2-5 show no quantitative results but only qualitative relations among the level of isolation, slicing cost, and control levels, which can be straightforwardly derived from the control sharing mechanism and the cost budget of network slice isolation.

[Figure annotations (axis: Level of Isolation): When the MNO has less control, the tenant network slice requires better isolation. When the MNO has better control, the tenant network slice requires less isolation. When the MNO has absolute control of the network slice, the network is monolithic; there would be no network slice as a service in the network, and the network resembles the 4th Generation Telecommunication System approach. End points: "Absolute control & no isolation" and "Minimal control, maximal isolation".]

IV. MODEL OF NETWORK SLICE ISOLATION
In this section, we develop a mathematical model to help the MNO identify the cost of deploying the right network slice isolation points. We use the 3GPP protocol stack [23], [24] as the logical deployment representation of a network slice. We begin with the case where the isolation points can be independently selected for every individual slice. Ideally, those isolation points would have no impact on the performance or implementation cost of other slices. Therefore, we define a mathematical model to provide a rational representation. We start from the following notation: we consider the set of all $N$ slices $\mathcal{N} = \{1, 2, 3, \dots, N\}$, where every slice needs to implement a full stack $\mathcal{P} = \{1, 2, 3, \dots, P\}$ of protocol layers. Every individual slice $n \in \mathcal{N}$ can independently and flexibly choose the method to implement each protocol layer, either in a physical way or in a virtual way. This can be formulated with a binary indicator for every pair of network slice $n$ and protocol layer $p$:

$$v_{n,p} = \begin{cases} 1 & n \text{ virtualizes } p \\ 0 & \text{otherwise} \end{cases}, \quad \forall n \in \mathcal{N},\ p \in \mathcal{P}.$$

For each protocol layer $p$ of a specific network slice $n$, call its isolation level $i_{n,p}$; the tenant control level $t_{n,p}$ can be selected from a finite discrete set $\mathcal{T}_{n,p} \subseteq \mathcal{T}$, where $\min(\mathcal{T}_{n,p}) = 0$ and $\max(\mathcal{T}_{n,p}) = t^{\max}_{n,p} \in (0, 1)$. We also define the MNO control level $m_{n,p} = 1 - t_{n,p}$, the operations cost $c^{\mathrm{op}}_{n,p}$, and the infrastructural cost where $c^{P}_{n,p}$ and $c^{V}_{n,p}$ are the cost to implement $p$ for $n$ physically and virtually, respectively. Their values in practical systems are determined by the specific hardware and software that are used by the MNO. Generally, given an arbitrary fixed $i_{n,p}$, $c^{P}_{n,p} > c^{V}_{n,p}$, $\forall (n, p) \in \mathcal{N} \times \mathcal{P}$.

The total isolation cost of slice $n$ is therefore, For every slice $n$, we define the quality of service $q_n$ and the security level $s_n$. We aim at minimizing the isolation cost:

$$\text{subject to} \quad t_{n,p} + m_{n,p} = 1, \quad \forall (n, p) \in \mathcal{N} \times \mathcal{P}, \tag{5b}$$

Note that, letting $i_1 > i_2$, $m_1 > m_2$, $t_1 > t_2$, for all $(n, p)$ we have:

$$c^{P}_{n,p}\big|_{i_{n,p}=i_1} > c^{P}_{n,p}\big|_{i_{n,p}=i_2} \tag{7}$$

$$c^{V}_{n,p}\big|_{i_{n,p}=i_1} > c^{V}_{n,p}\big|_{i_{n,p}=i_2} \tag{8}$$

$$c^{\mathrm{op}}_{n,p}\big|_{m_{n,p}=m_1} > c^{\mathrm{op}}_{n,p}\big|_{m_{n,p}=m_2} \tag{9}$$

$$q_n\big|_{i_{n,p}=i_1} > q_n\big|_{i_{n,p}=i_2} \tag{10}$$

$$s_n\big|_{t_{n,p}=t_1} > s_n\big|_{t_{n,p}=t_2} \tag{11}$$

More specifically, (6) implies the constraints on the isolation level and the upper bound of the MNO control level. As a result, the more isolated the slice, the more layers in the protocol stack can be securely controlled by the MNO. (7) and (8) concern the infrastructural cost of a network slice at a given protocol layer: whether the protocol layer is physically or virtually implemented, the cost of the network slice increases with the isolation. For example, it may cost more to maintain the protocol layer on an air-gap isolated independent server than to run it on a virtual machine. (9) shows that the operations cost of a protocol layer increases with the MNO control level, since it requires more effort in the VNF MANO module. (10) shows that the performance of a network slice can be improved by raising the isolation level of any of its protocol layers, since less loss will be caused by resource scheduling among different slices sharing the same infrastructure on bare metal or a virtual machine. (11) refers to the fact that a network slice is more secure when more of its control is granted to the tenant rather than the MNO. (12) refers to the fact that when a network slice is more secure, it is better isolated from the other network slices.
It is worth remarking that I, T and V are all defined on discrete sets, making the program (5) non-convex and therefore ruling out conventional convex optimization solvers. Nevertheless, their domains are all finite, making it possible to solve (5) with simple exhaustive search in cases where $N$, $P$ and $|\mathcal{T}|$ are small. For cases where the dimension is large and exhaustive search becomes computationally expensive, we can relax (5) into a linear programming (LP) problem by extending the domains of I, T, V into continuous spaces through linear interpolation. Such linear programs are guaranteed to be solved efficiently, with polynomial time complexity. Thereafter, the optimal solution to the original problem (5) can be obtained by rendering the optimum of the relaxed LP, e.g. with the well-known branch-and-bound or cutting-plane algorithms.
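The exhaustive search mentioned above, sketched as an added example (it is not code from the paper). The cost, quality and security functions, the two bounds "tenant control cannot exceed isolation level" and "air-gap isolation needs a physical layer", and every numeric value are assumptions chosen only to respect the monotonic relations (7)-(11); the paper's own objective and constraints are not reproduced on this page.

```python
from itertools import product

# All values are constructed for illustration; the page gives no numbers.
ISOLATION_LEVELS = (0.0, 0.5, 1.0)  # i_{n,p}; 1.0 stands for air-gap isolation
TENANT_LEVELS = (0.0, 0.4, 0.8)     # t_{n,p}; the maximum stays below 1
VIRTUAL_MAX_ISOLATION = 0.5         # assumption: air-gap needs a physical layer
LAYERS = 3                          # P, size of the protocol stack
COST_PHYSICAL, COST_VIRTUAL, COST_OPS = 10.0, 4.0, 3.0


def layer_cost(v, i, t):
    """Assumed cost of one protocol layer: infrastructure plus operations."""
    base = COST_VIRTUAL if v else COST_PHYSICAL  # c^P > c^V for a fixed i
    infra = base * (1.0 + i)                     # grows with isolation, (7)-(8)
    ops = COST_OPS * (1.0 - t)                   # grows with m = 1 - t, (9)
    return infra + ops


def feasible_layer_choices():
    """Enumerate the (v, i, t) triples allowed for a single layer."""
    for v, i, t in product((0, 1), ISOLATION_LEVELS, TENANT_LEVELS):
        if v == 1 and i > VIRTUAL_MAX_ISOLATION:
            continue  # a virtualized layer cannot be air-gapped (assumption)
        if t > i:
            continue  # tenant control is bounded by isolation (assumption)
        yield v, i, t


def plan_slice(q_min, s_min):
    """Exhaustive search for the cheapest plan of one slice that meets
    q_n >= q_min and s_n >= s_min. Slices are planned independently, as in
    the text. Returns (cost, plan) or None when no plan is feasible."""
    choices = list(feasible_layer_choices())
    best = None
    for plan in product(choices, repeat=LAYERS):
        q = sum(i for _, i, _ in plan) / LAYERS  # assumed q_n: mean isolation
        s = sum(t for _, _, t in plan) / LAYERS  # assumed s_n: mean tenant control
        if q < q_min or s < s_min:
            continue
        cost = sum(layer_cost(*choice) for choice in plan)
        if best is None or cost < best[0]:
            best = (cost, plan)
    return best


if __name__ == "__main__":
    # Constructed requirement profiles: (label, q_min, s_min).
    for label, q_min, s_min in (("relaxed", 0.0, 0.0),
                                ("security-hardened", 0.0, 0.6),
                                ("full isolation", 1.0, 0.0),
                                ("unreachable security", 0.0, 0.9)):
        print(label, plan_slice(q_min, s_min))
```

With these assumed numbers, raising only the security requirement already forces two of the three layers onto physical, air-gapped implementations, which is the cost/isolation coupling the model describes.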

A. Network Slice Planning Procedures
An overview of the network slice deployment planning procedures is given in the following. We begin with Figure 6a, which gives the network slice isolation plan based on Quality of Service (QoS) satisfaction. Basically, the QoS satisfaction shall be evaluated by aggregating individual QoS parameters. We take reliability as an example, which is shown in Figure 6a. The three horizontal lines on the graph represent the minimal reliability requirements of specific types of network slice service. More specifically, the service reliability requirement of the enhanced Mobile Broadband (eMBB) network slice is the lowest among the three, because eMBB may accept high-latency network QoS and a certain level of packet loss. The service reliability requirement of the massive Machine-Type Communications (mMTC) network slice is at a mid-level, since mMTC deploys a large number of device connections with short message transmissions and no re-transmission policy, because the duty cycle of mMTC devices may be very short. These features of mMTC call for better service reliability than that of the eMBB network slice. Last but not least, the highest service reliability is that of the Ultra Reliable Low Latency Communications (URLLC) network slice, which is very often applied to deliver critical infrastructure while commonly providing a certain level of defense mechanisms. Figure 6b gives another network slice deployment consideration. We often see network slices deployed using air-gap isolation, logical isolation, or a combination of isolation methods. Obviously, each network slice would have a set of contains with different protocol stack that can be controlled by the tenant or the MNO. From the MNO's point of view, when the tenant has more control of the network slice, it is better to apply air-gap isolation, because it has better reliability than logical isolation. Figure 6b provides a comparison of air-gap (bare-metal) isolation and logical isolation.
Therefore, in terms of isolation, at the same isolation level the reliability increases with the tenant control level. On the other hand, when a network slice has the maximal tenant control level, the isolation level is required to be maximal as well. It can use air-gap isolation, as shown in Figure 6b.
According to the results, obviously, the tenant can remove some of the isolation options. For example, in general, logical isolation would not be possible for deploying URLLC services due to the performance requirement; the only possible solution would be to apply air-gap isolation with physical resources. We can further discuss the trade-off, which is shown in Figure 6b. Basically, the tenant can choose from all available options with regard to its cost of security and defense preference. Typically, the tenant may demand a security-hardened network slice, but the cost of isolation would be directly proportional to security hardening, which is shown in Figure 6a. Figure 6a also indicates the upper bound of the security level in relation to the upper bound of the tenant control level, i.e. by the isolation level: bare-metal isolation can achieve more than logical isolation. In order to achieve a better security level, it is always better to use air-gap (bare-metal) isolation than to apply logical isolation. However, it may cost the most and be less flexible.

Fig. 6: How to select the appropriate NS isolation plan

V. CONCLUSION AND OUTLOOKS
When deploying NSaaS, the MNO must resolve various levels of complex deployment and operation issues in order to provide a secure service to the vertical industries (tenants). Although 3GPP has thoroughly laid out the 5G standalone architecture and provides network slice enablement functions, it has not yet identified the common practice and the security by design in operating the NSaaS. With its main functions based on virtualization and containerization technologies, NSaaS gives flexibility and agility to the telecommunication infrastructure; however, it also introduces a number of new risk factors and widens the attack surface. In this paper, we have explored and addressed the complexity and challenges of the risk factors and the attack surface in eight layers of NSaaS, which allow MNOs and tenants to identify the defense mechanisms for each particular network slice. In particular, for an NSaaS platform in operation, each network slice should be given a certain level of isolation reflecting the level of protocol stack control held by either the MNO or the tenant. Also, these deployed isolation methods are related to the overall protection of the network infrastructure, and defense mechanisms shall be embedded in the network architecture, e.g., micro-segmentation etc. We have also developed a mathematical model to represent the relationship between the isolation level and the distribution of control between the MNO and the tenant. This model can be used to guide the MNO and the tenant in designing the SLA regarding their control levels and the isolation cost of the deployed network slice. The result shows that air-gap isolation provides the ideal performance of network slice deployment, but it also has the highest cost due to the under-utilization of resources. As a possible research direction for our future work, it is of great interest to us to evolve the qualitative models we have developed in this article into quantitative ones. To do so, case studies of specific deployment scenarios and practical applications must be carried out.