Redes Virtuais Seguras: Uma Nova Abordagem de Mapeamento para Proteger contra Ataques de Disrupção na Rede Física
Abstract
In network virtualization, virtual routers and links are embedded into a physical network infrastructure. Such characteristic represents a vulnerability as a compromised physical device affects all the overlaid virtual ones. Previous work proposes setting aside backup resources. Although effective, this solution aggregates cost to infrastructure providers. In this paper, we propose a virtual network allocation approach which explores the trade-off between resilience to attacks, and efficiency in resource utilization. Our approach is composed of two strategies, one preventive and the other reactive. The former allocates virtual links into multiple substrate paths, while the latter attempts to recover the capacity of virtual links affected by an underlying DoS attack. Both strategies are formulated as optimization problems. Numerical results show the level of resilience to attacks and the low cost demanded by our approach.References
Alkmim et al (2011). Optimal mapping of virtual networks. In GLOBECOM, IEEE, pages 1–6.
Andersen, D. G. (2002). Theoretical approaches to node assignment. Unpublished manuscript. http://www.cs.cmu.edu/~dga/papers/andersen-assign.ps.
Belbekkouche et al (2012). Resource discovery and allocation in network virtualization. Comm. Surv. Tut., IEEE, PP(99):1–15.
Chen et al (2010). Resilient virtual network service provision in network virtualization environments. In ICPADS, IEEE, pages 51–58.
Cheng et al (2012). Virtual network embedding through topology awareness and optimization. Comput. Netw., 56(6):1797–1813.
Chowdhury, N. M. K. and Boutaba, R. (2010). A survey of network virtualization. Comp. Netw., 54(5):862–876.
Chowdhury et al (2009). Virtual network embedding with coordinated node and link mapping. In INFOCOM, IEEE, pages 783–791.
Fortz, B. and Thorup, M. (2004). Increasing internet capacity using local search. Comput. Optim. and Applic., 29:13–48.
Guo et al (2011). Shared backup network provision for virtual network embedding. In ICC, IEEE, pages 1–5.
He, J. and Rexford, J. (2008). Toward internet-wide multipath routing. Network, IEEE, 22(2):16– 21.
Houidi et al (2010). Adaptive virtual network provisioning. In 2nd SIGCOMM VISA workshop, ACM, pages 41–48.
Khan et al (2012). Network virtualization: a hypervisor for the internet? Comm. Mag., IEEE, 50(1):136–143.
Medhi, D. (2006). Network restoration. In Resende, M. G. C. and Pardalos, P. M., editors, Handbook of Optimization in Telecomm., pages 801–836. Springer US.
Rahman et al (2010). Survivable virtual network embedding. In Crovella, M. et al., editor, NETWORKING 2010, volume 6091 of LNCS, pages 40–52. Springer Berlin / Heidelberg.
Yeow et al (2010). Designing and embedding reliable virtual infrastructures. In 2nd SIGCOMM VISA workshop, ACM, pages 33–40.
Yu et al (2011). Cost efficient design of survivable virtual infrastructure to recover from facility node failures. In ICC, IEEE, pages 1–6.
Zhang et al (2010). Reliable adaptive multipath provisioning with bandwidth and differential delay constraints. In Proc. INFOCOM, IEEE, pages 2178–2186.
Andersen, D. G. (2002). Theoretical approaches to node assignment. Unpublished manuscript. http://www.cs.cmu.edu/~dga/papers/andersen-assign.ps.
Belbekkouche et al (2012). Resource discovery and allocation in network virtualization. Comm. Surv. Tut., IEEE, PP(99):1–15.
Chen et al (2010). Resilient virtual network service provision in network virtualization environments. In ICPADS, IEEE, pages 51–58.
Cheng et al (2012). Virtual network embedding through topology awareness and optimization. Comput. Netw., 56(6):1797–1813.
Chowdhury, N. M. K. and Boutaba, R. (2010). A survey of network virtualization. Comp. Netw., 54(5):862–876.
Chowdhury et al (2009). Virtual network embedding with coordinated node and link mapping. In INFOCOM, IEEE, pages 783–791.
Fortz, B. and Thorup, M. (2004). Increasing internet capacity using local search. Comput. Optim. and Applic., 29:13–48.
Guo et al (2011). Shared backup network provision for virtual network embedding. In ICC, IEEE, pages 1–5.
He, J. and Rexford, J. (2008). Toward internet-wide multipath routing. Network, IEEE, 22(2):16– 21.
Houidi et al (2010). Adaptive virtual network provisioning. In 2nd SIGCOMM VISA workshop, ACM, pages 41–48.
Khan et al (2012). Network virtualization: a hypervisor for the internet? Comm. Mag., IEEE, 50(1):136–143.
Medhi, D. (2006). Network restoration. In Resende, M. G. C. and Pardalos, P. M., editors, Handbook of Optimization in Telecomm., pages 801–836. Springer US.
Rahman et al (2010). Survivable virtual network embedding. In Crovella, M. et al., editor, NETWORKING 2010, volume 6091 of LNCS, pages 40–52. Springer Berlin / Heidelberg.
Yeow et al (2010). Designing and embedding reliable virtual infrastructures. In 2nd SIGCOMM VISA workshop, ACM, pages 33–40.
Yu et al (2011). Cost efficient design of survivable virtual infrastructure to recover from facility node failures. In ICC, IEEE, pages 1–6.
Zhang et al (2010). Reliable adaptive multipath provisioning with bandwidth and differential delay constraints. In Proc. INFOCOM, IEEE, pages 2178–2186.
Published
2012-11-19
How to Cite
OLIVEIRA, Rodrigo R.; BAYS, Leonardo R.; MARCON, Daniel S.; NEVES, Miguel C.; BURIOL, Luciana S.; GASPARY, Luciano P.; BARCELLOS, Marinho P..
Redes Virtuais Seguras: Uma Nova Abordagem de Mapeamento para Proteger contra Ataques de Disrupção na Rede Física. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 12. , 2012, Curitiba.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2012
.
p. 235-248.
DOI: https://doi.org/10.5753/sbseg.2012.20549.
