Abstract
Both individuals and organizations appreciate the deployment of elastic virtual computing resources on demand in public and private Infrastructure as a Service (IaaS) clouds. Virtual Network Embedding (VNE) algorithms provide the automated and efficient resource assignment necessary for this use case. With the increase of participating parties, the relevance of security-aware Virtual Machine (VM) placement for production environments is increased, too. The problem is extended to networks when VNE algorithms consider security requirements of the interconnection between VM. This chapter presents a solution for realizing how security requirements of Virtual Network (VN) can be implemented in the VNE and how they can be mapped in the physical network. The chapter provides an implementation of this security-aware VNE model in ALEVIN—an open source simulation platform. This shows that the model is applicable with a realistic use case and allows to evaluate the embedding.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
It should be noted, though, that algorithms that do not optimize for security constraints will likely produce suboptimal results in many cases.
- 2.
D.G. Andersen, Theoretical Approaches to Node Assignment (unpublished manuscript, 2002).
References
E. Amaldi, S. Coniglio, A.M. Koster, M. Tieves, On the computational complexity of the virtual network embedding problem. Electron Notes Discrete Math. 52, 213–220 (2016). {INOC} 2015 7th International Network Optimization Conference
L.R. Bays, R.R. Oliveira, L.S. Buriol, M.P. Barcellos, L.P. Gaspary, Security-aware optimal resource allocation for virtual network embedding, in Proceedings of the 8th International Conference on Network and Service Management, CNSM ’12 (International Federation for Information Processing, Laxenburg, 2013), pp. 378–384
L.R. Bays, R.R. Oliveira, M.P. Barcellos, L.P. Gaspary, E.R. Mauro Madeira, Virtual network security: threats, countermeasures, and challenges. J. Internet Serv. Appl. 6(1), 1 (2015)
M.T. Beck, A. Fischer, F. Kokot, C. Linnhoff-Popien, H. De Meer, A simulation framework for virtual network embedding algorithms, in 6th International Telecommunications Network Strategy and Planning Symposium (Networks 2014) (IEEE, New York, 2014), pp. 1–6
S. Berger, R. Cáceres, K.A. Goldman, R. Perez, R. Sailer, L. van Doorn, vtpm: kirtualizing the trusted platform module, in Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, Berkeley, 2006
N. Chowdhury, M. Rahman, R. Boutaba, Virtual network embedding with coordinated node and link mapping, in IEEE INFOCOM 2009 (2009), pp. 783–791
M. Chowdhury, M. Rahman, R. Boutaba, Vineyard: virtual network embedding algorithms with coordinated node and link mapping. IEEE/ACM Trans. Networking 20(1), 206–219 (2012)
B. Doll, D. Emmerich, R. Herkenhöner, R. Kühn, H. de Meer, On Location-Determined Cloud Management for Legally Compliant Outsourcing (Springer Fachmedien Wiesbaden, Wiesbaden, 2015), pp. 61–73
A. Fischer, H. De Meer, Position paper: secure virtual network embedding. Praxis der Informationsverarbeitung und Kommunikation 34(4), 190–193 (2011)
A. Fischer, J.F. Botero, M. Duelli, D. Schlosser, X. Hesselbach, H. De Meer, ALEVIN - a framework to develop, compare, and analyze virtual network embedding algorithms. Electron. Commun. EASST 37, 1–12 (2011)
A. Fischer, J.F. Botero, M.T. Beck, H. De Meer, X. Hesselbach, Virtual network embedding: a survey. IEEE Commun. Surv. Tutorials 15(4), 1888–1906 (2013)
J. Lischka, H. Karl, A virtual network mapping algorithm based on subgraph isomorphism detection, in VISA ’09: Proceedings of the 1st ACM Workshop on Virtualized Infrastructure Systems and Architectures (ACM, New York, 2009), pp. 81–88
S. Liu, Z. Cai, H. Xu, M. Xu, Security-aware virtual network embedding, in 2014 IEEE International Conference on Communications (ICC) (2014), pp. 834–840
S. Liu, Z. Cai, H. Xu, M. Xu, Towards security-aware virtual network embedding. Comput. Netw. 91, 151–163 (2015)
C. Papagianni, A. Leivadeas, S. Papavassiliou, V. Maglaris, C. Cervello-Pastor, A. Monje, On the optimal allocation of virtual resources in cloud computing networks. IEEE Trans. Comput. 62(6), 1060–1071 (2013)
M. Yu, Y. Yi, J. Rexford, M. Chiang, Rethinking virtual network embedding: substrate support for path splitting and migration. SIGCOMM Comput. Commun. Rev. 38(2), 17–29 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Kühn, R., Fischer, A., de Meer, H. (2019). Modeling Security Requirements for VNE Algorithms: A Practical Approach. In: Puliafito, A., Trivedi, K. (eds) Systems Modeling: Methodologies and Tools. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-92378-9_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-92378-9_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92377-2
Online ISBN: 978-3-319-92378-9
eBook Packages: EngineeringEngineering (R0)