Secure Virtual Network Embedding in a Multi-Cloud Environment
- 1. LaSIGE, Faculdade de Ciências, Universidade de Lisboa, Portugal
- 2. CEG–IST, Instituto Superior Técnico, Universidade de Lisboa, Portugal
Description
Recently proposed virtualization platforms give cloud users the freedom to specify their network topologies and addressing schemes. These platforms have, however, been targeting a single datacenter of a cloud provider, which is insufficient to support (critical) applications that need to be deployed across multiple trust domains while enforcing diverse security requirements. This paper addresses this problem by presenting a novel solution for a central component of network virtualization: the online network embedding, which finds efficient mappings of virtual network requests onto the substrate network. Our solution considers security as a first-class citizen, enabling the definition of flexible policies in three central areas: on the communications, where alternative security compromises can be explored (e.g., encryption); on the computations, supporting redundancy if necessary while capitalizing on hardware-assisted trusted executions; across multiple clouds, including public and private facilities, with the associated trust levels. We formulate the solution as a Mixed Integer Linear Program (MILP), and evaluate our proposal against the most commonly used alternative. Our analysis gives insight into the trade-offs involved with the inclusion of security and trust into network virtualization, providing evidence that this notion may enhance profits under the appropriate cost models.
Files
Name | Size |
---|---|
1703.01313.pdf (md5:fb9eaf4dccf05c21cc09ebffe82947d3) | 1.1 MB |
Additional details
Related works
- Is identical to
- arXiv:1703.01313 (arXiv)
- Is supplemented by
- 10.5281/zenodo.998587 (DOI)