[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3837/tiis.2016.07.002

Virtual Network Embedding through Security Risk Awareness and Optimization

Gong, Shuiqing (College of Information and Navigation, Air Force Engineering University)
Chen, Jing (College of Information and Navigation, Air Force Engineering University)
Huang, Conghui (College of Information and Navigation, Air Force Engineering University)
Zhu, Qingchao (College of Information and Navigation, Air Force Engineering University)
Zhao, Siyi (College of Information and Navigation, Air Force Engineering University)

Publication Information

KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.7, 2016 , pp. 2892-2913 More about this Journal

Abstract

Network virtualization promises to play a dominant role in shaping the future Internet by overcoming the Internet ossification problem. However, due to the injecting of additional virtualization layers into the network architecture, several new security risks are introduced by the network virtualization. Although traditional protection mechanisms can help in virtualized environment, they are not guaranteed to be successful and may incur high security overheads. By performing the virtual network (VN) embedding in a security-aware way, the risks exposed to both the virtual and substrate networks can be minimized, and the additional techniques adopted to enhance the security of the networks can be reduced. Unfortunately, existing embedding algorithms largely ignore the widespread security risks, making their applicability in a realistic environment rather doubtful. In this paper, we attempt to address the security risks by integrating the security factors into the VN embedding. We first abstract the security requirements and the protection mechanisms as numerical concept of security demands and security levels, and the corresponding security constraints are introduced into the VN embedding. Based on the abstraction, we develop three security-risky modes to model various levels of risky conditions in the virtualized environment, aiming at enabling a more flexible VN embedding. Then, we present a mixed integer linear programming formulation for the VN embedding problem in different security-risky modes. Moreover, we design three heuristic embedding algorithms to solve this problem, which are all based on the same proposed node-ranking approach to quantify the embedding potential of each substrate node and adopt the k-shortest path algorithm to map virtual links. Simulation results demonstrate the effectiveness and efficiency of our algorithms.

Keywords

Network Virtualization; Virtual Network Embedding; Security; Node Ranking; Risk;

Citations & Related Records

Times Cited By KSCI : 2 (Citation Analysis)

Reference
Cited By KSCI

1	N. Chowdhury and R. Boutaba, “A survey of network virtualization,” Computer Networks, vol. 54, no. 5, pp. 862-876, 2010. Article (CrossRef Link). DOI
2	A.J. Wang, M. Iyer, R. Dutta, G.N. Rouskas and I. Baldine, “Network virtualization: technologies, perspectives, and frontiers,” Journal of Lightware Technology, vol. 31, no. 4, pp. 523-537, 2013. Article (CrossRef Link). DOI
3	T. Anderson, L. Peterson, S. Shenker and J. Turner, “Overcoming the Internet impasse through virtualization,” IEEE Computer Magazine, vol. 38, no. 4, pp. 34-41, 2005. Article (CrossRef Link). DOI
4	S. Natarajan and T. Wolf, "Security issues in network virtualization for the future Internet," in Proc. of IEEE ICNC, pp. 537-543, 2012. Article (CrossRef Link).
5	A. Fischer, J. F. Botero, M. Till Beck, H. De Meer and X. Hesselbach, “Virtual network embedding: a survey,” IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 1888-1906, 2013. Article (CrossRef Link). DOI
6	J. Liao, M. Feng, T. Li, J, Wang and S. Qing, “Topology-aware virtual network embedding using multiple characteristics,” KSII Transactions on Internet and Information Systems, vol. 8, no. 1, pp. 145-164, 2014. Article (CrossRef Link). DOI
7	D. Liao, G. Sun, V. Anand and H, Yu, “Efficient provisioning for multicast virtual network under single regional failure in cloud-based datacenters,” KSII Transactions on Internet and Information Systems, vol. 8, no. 7, pp. 2325-2349, 2014. Article (CrossRef Link).
8	M. Yu, Y. Yi, J. Rexford and M. Chiang, “Rethinking virtual network embedding: substrate support for path splitting and migration,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 17-29, 2008. Article (CrossRef Link). DOI
9	M. Chowdhury, M.R. Rahman and R. Boutaba, “ViNEYard: virtual network embedding algorithms with coordinated node and link mapping,” IEEE/ACM Transactions on Networking, vol. 20, no. 1, pp. 206-219, 2012. Article (CrossRef Link). DOI
10	X. Li, H. Wang, B. Ding, X.Y. Li and D. Feng, “Resource allocation with multi-factor node ranking in data center networks,” Future Generation Computer Systems, vol. 32, no. 2, pp. 1-12, 2014. Article (CrossRef Link). DOI
11	I. Fajjari, N. Aitsaadi, G. Pujolle, and H. Zimmermann, "VNE-AC: Virtual network embedding algorithm based on ant colony meta-heuristic," in Proc. of IEEE ICC, pp. 1 -6, 2011. Article (CrossRef Link).
12	X. Cheng, S. Su, Z. Zhang et al., “Virtual network embedding through topology awareness and optimization,” Computer Networks, vol. 56, no. 6, pp. 1797-1813, 2012. Article (CrossRef Link). DOI
13	G. Sun, H. Yu, A. Vishal and L. Li. “A cost efficient framework and algorithm for embedding dynamic virtual network requests,” Future Generation Computer Systems, vol. 29, no. 5, pp. 1265-1277, 2013. Article (CrossRef Link). DOI
14	A. Jarray and A. Karmouch. “Cost-Efficient Mapping for Fault-Tolerant Virtual Networks,” IEEE Transactions on Computers, vol. 64, no. 3, pp. 668-681, 2015. Article (CrossRef Link). DOI
15	A. Fischer and H. de Meer, “Position paper: Secure virtual network embedding,” Praxis der Informationsverarbeitung und Kommunikation, vol. 34, no. 4, pp. 190–193, 2011. Article (CrossRef Link).
16	H. Di, A. Vishal and H. Yu. “Design of reliable virtual infrastructure with resource sharing,” Computer Networks, vol. 62, no. 5, pp. 137-151, 2014. Article (CrossRef Link). DOI
17	S. Su, Z. Zhang, A. Liu et al., “Energy-aware virtual network embedding,” IEEE/ACM Translations on Networking, vol. 22, no. 5, pp. 1607-1620, 2014. Article (CrossRef Link). DOI
18	Z. Zhang, S. Su, J. Zhang, et al. “Energy aware virtual network embedding with dynamic demands: Online and offline,” Computer Networks, vol. 93, pp. 448-459, 2015. Article (CrossRef Link). DOI
19	C. Xing, J. Lan and Y. Hu, “Virtual Network with Security Guarantee Embedding Algorithms,” Journal of Computers, vol. 8, no. 11, pp. 2782-2788, 2013. Article (CrossRef Link). DOI
20	S. Liu, Z. Cai, H. Xu and M. Xu, "Security-aware virtual network embedding," in Proc. of IEEE ICC, pp. 834-840, 2014. Article (CrossRef Link).
21	S. Liu, Z. Cai, H. Xu and M. Xu, “Towards security-aware virtual network embedding,” Computer Networks, vol. 91, pp. 151-163, 2015. Article (CrossRef Link). DOI
22	A. Akhunzada, E. Ahmed, A. Gani, M. K. Khan, M. Imran and S. Guizani, “Securing software defined networks: taxonomy, requirements, and open issues,” IEEE Communications Magazine, vol. 53, no. 4, pp. 36-44, 2015. Article (CrossRef Link). DOI
23	A. Akhunzada , A. Gani, N.B. Anuar, A. Abdelaziz, M.K. Khan, A. Hayat, et al., “Secure and dependable software defined networks,” Journal of Network & Computer Applications, vol. 61, pp. 199-221, 2015. Article (CrossRef Link). DOI
24	M. Bianchini, M. Gori, and F. Scarselli, “Inside PageRank,” ACM Transactions on Internet Technology, vol. 5, no. 1, pp. 92–128, 2005. Article (CrossRef Link). DOI
25	S. Song, K. Hwang and Y. Kowk, “Risk-resilient heuristics and genetic algorithms for security-assured grid job scheduling,” IEEE Transactions on Computers, vol. 55, no. 6, pp. 703-719, 2006. Article (CrossRef Link). DOI
26	A. Schrijver, “Theory of linear and integer programming,” NewYork, NY, USA: Wiley, 1998.
27	D. Eppstein, "Finding the k shortest paths", in Proc. of the 35th IEEE Annual Symposium on Foundations of Computer Science, pp. 154-165, 1994. Article (CrossRef Link).
28	E. Zegura, K. Calvert and S. Bhattacharjee, "How to model an Internetwork," in Proc. of IEEE INFOCOM, March 24-28, 1996. Article (CrossRef Link).