Towards security-aware virtual network embedding

Network virtualization is one of the fundamental building blocks of cloud computing, where computation, storage and networking resources are shared through virtualization technologies. However, the complexity of virtualization exposes additional security vulnerabilities, which can be taken advantage of by malicious users. While traditional network security technologies can help in virtualized environments, we argue that it is cost-effective to isolate virtual resources with high security demands from the untrusted ones. This paper attempts to tackle the security issue by offering physical isolation during virtual network embedding, the process of allocating virtual networks onto physical nodes and links. We start from modelling the security demands in virtualized environments by analysing typical security vulnerabilities. A simple abstracted concept of security demands is defined to capture the variations of security requirements, based on which we formulate security-aware virtual network embedding as an optimization problem. The proposed objective and constraint functions involve both resource and security restrictions. Then, two heuristic algorithms are developed to solve this problem with splittable or unsplittable virtual links, respectively. Our simulation results demonstrate their ISome preliminary results were presented at IEEE ICC 2014. ∗Corresponding author. Phone No.: +86-139-7519-2193 Email addresses: [email protected] (Shuhao Liu), [email protected] (Zhiping Cai), [email protected] (Hong Xu), [email protected] (Ming Xu) Preprint submitted to Computer Networks August 23, 2015 efficiency and effectiveness.