Security aware instantiation of network services and/or virtualized network functions

1 . An apparatus, comprising: comparing means for comparing a security requirement for a higher level function with respective security levels of one or more virtualized lower level functions, wherein each of the one or more virtualized lower level functions is configured to deploy the higher level function; selecting means for selecting a selected virtualized lower level function of the one or more virtualized lower level functions, wherein the security level of the selected virtualized lower level function is equal to or higher than the security requirement; and instantiating means for instantiating the higher level function on the selected virtualized lower level function. 2 . The apparatus according to claim 1 , wherein the higher level function comprises a network service or a network function and the lower level function is a virtual network function, or the higher level function comprises a virtual network function and the lower level function comprises a networks functions virtualization infrastructure. 3 . The apparatus according to claim 1 , wherein the selecting means is additionally configured to take into account, for selecting the selected lower level function, at least one of a future security requirement for the higher level function, a scalability of the higher level function deployed on the selected lower level function, costs to deploy the higher level function on the selected lower level function, and a performance of the higher level function deployed on the selected lower level function. 4 . The apparatus according to claim 1 , wherein the security requirement and each of the security levels is expressed by a respective numerical value; the comparing means is configured to compare the numerical value of the security requirement with the respective numerical value of each of the one or more lower level functions; and wherein the selecting means is configured to select the selected lower level function if the numerical value of the security requirement and the numerical value of the security level of the selected lower level function fulfill a predetermined relationship. 5 . The apparatus according to claim 1 , wherein the security requirement comprises plural security sub-requirements and each of the security levels comprises corresponding plural security sub-levels; the comparing means is configured to compare one or more of the plural security sub-requirements with the corresponding security sub-level of each of the virtualized lower level functions; and wherein the selecting means is configured to select the selected virtualized lower level function if each of the compared security sub-levels of the selected virtualized lower level function is equal to or higher than the corresponding security sub-requirement. 6 . The apparatus according to claim 1 , wherein the security requirement comprises plural sub-requirements and each of the security levels comprises corresponding plural security sub-levels, and wherein the apparatus further comprises determining means for determining a global security requirement based on one or more of the plural security sub-requirements and to determine a respective global security level for each of the lower level functions based on the corresponding one or more of the security sub-levels; wherein the comparing means is configured to compare the global security requirement with the respective global security levels and wherein the selecting means is configured to select the selected virtualized lower level function if the global security level of the selected virtualized lower level function is equal to or higher than the global security requirement. 7 . The apparatus according to claim 1 , further comprising: control means for controlling the comparing means, the selecting means, and the instantiating means such that, in a first step, the higher level function is a network service or a network function, the virtualized lower level functions are virtualized network functions, and the selected virtualized lower level function is one of the virtualized network functions, and, in a second step following the first step, the higher level function is the selected virtualized network function, the virtualized lower level functions are network functions virtualization infrastructures, and the selected virtualized lower level function is one of the network functions virtualization infrastructures. 8 . The apparatus according to claim 1 , further comprising: determining means for determining at least one of the security levels based on at least one of an attribute, a location, a vendor, a virtualization type, and other tenants of the respective virtualized lower level function. 9 . A method, comprising: comparing a security requirement for a higher level function with respective security levels of one or more virtualized lower level functions, wherein each of the one or more virtualized lower level functions is capable to deploy the higher level function; selecting a selected virtualized lower level function of the one or more virtualized lower level functions, wherein the security level of the selected virtualized lower level function is equal to or higher than the security requirement; and instantiating the higher level function on the selected virtualized lower level function. 10 . The method according to claim 9 , wherein the higher level function comprises a network service or a network function and the lower level function is a virtual network function, or the higher level function comprises a virtual network function and the lower level function is a networks functions virtualization infrastructure. 11 . The method according to claim 9 , wherein the selecting takes additionally into account, for selecting the selected lower level function, at least one of a future security requirement for the higher level function, a scalability of the higher level function deployed on the selected lower level function, costs to deploy the higher level function on the selected lower level function, and a performance of the higher level function deployed on the selected lower level function. 12 . The method according to claim 9 , wherein the security requirement and each of the security levels is expressed by a respective numerical value; the numerical value of the security requirement is compared with the respective numerical value of each of the one or more lower level functions; and wherein the selected lower level function is selected if the numerical value of the security requirement and the numerical value of the security level of the selected lower level function fulfill a predetermined relationship. 13 . The method according to claim 9 , wherein the security requirement comprises plural security sub-requirements and each of the security levels comprises corresponding plural security sub-levels; one or more of the plural security sub-requirements are compared with the corresponding security sub-level of each of the virtualized lower level functions; and wherein the selected virtualized lower level function is selected if each of the compared security sub-levels of the selected virtualized lower level function is equal to or higher than the corresponding security sub-requirement. 14 . The method according to claim 9 , wherein the security requirement comprises plural sub-requirements and each of the security levels comprises corresponding plural security sub-levels, and wherein the method further comprises determining a global security requirement based on one or more of the plural security sub-requirements and to determine a respective globa