Formally verified latency-aware VNF placement in industrial Internet of things

Software Defined Networking (SDN) and Network Function Virtualization (NFV), two core technologies of 5G, are key enablers for improving data network robustness in the industrial Internet of Things (IIoT). In industrial scenarios, with strict demands on end-to-end latency and reliability during critical events, these technologies can be leveraged to construct chains of network functions (service graphs) with guarantees on latency, jitter, packet loss or redundancy. Moreover, the real-time monitoring techniques provided by network virtualization help mitigate critical events (e.g. failures or network attacks), which can be handled by updating the service graph and imposing new policies in the network. In practice, the distributed and safety-critical nature of IIoT applications requires both an intelligent placement of services across physically separated locations, which has a direct impact on latency, and a proper policy enforcement system, which guarantees service reliability, safety, and security. This paper considers both aspects by proposing a novel Virtual Network Function (VNF) placement solution for IIoT that minimizes the overall latency and, at the same time, verifies that network-wide policies such as connectivity or isolation hold between the endpoints. In particular, this work relies on recent advances in SMT (Satisfiability Modulo Theories) solvers, which are being enhanced to solve the Maximum Satisfiability (MaxSAT) problem.
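The sketch below is an added illustration, not the paper's model or code: it shows how placement splits into hard clauses (policies that must hold) and weighted soft clauses (latency to minimize), with exhaustive search standing in for the MaxSMT solver. The sites, slot counts, latencies, service graph and the rule that isolation holds only when the firewall sits on the office endpoint's path are all constructed assumptions.

```python
from itertools import product

# Constructed substrate (assumption): sites, VNF slots per site, link latency in ms.
NODES = ["plc_cell", "edge", "cloud"]
SLOTS = {"plc_cell": 1, "edge": 1, "cloud": 2}
LINK_MS = {frozenset(["plc_cell", "edge"]): 2,
           frozenset(["edge", "cloud"]): 15,
           frozenset(["plc_cell", "cloud"]): 17}

# Constructed service graph: sensor -> firewall -> ids -> controller.
CHAIN = ["firewall", "ids"]
SENSOR_AT, CONTROLLER_AT = "plc_cell", "edge"
# Substrate path taken by traffic from the untrusted office endpoint to the controller.
OFFICE_PATH = ["cloud", "edge"]

def latency(a, b):
    return 0 if a == b else LINK_MS[frozenset([a, b])]

def hard_ok(placement, enforce_isolation=True):
    """Hard clauses: site capacity, plus the isolation policy."""
    hosts = list(placement.values())
    if any(hosts.count(n) > SLOTS[n] for n in NODES):
        return False
    # Isolation(office, controller): office traffic must cross the firewall,
    # which in this model means the firewall is hosted on the office path.
    if enforce_isolation and placement["firewall"] not in OFFICE_PATH:
        return False
    return True

def soft_cost(placement):
    """Soft clauses: each hop (a, b) of the chain is penalised by latency(a, b)."""
    hops = [SENSOR_AT] + [placement[v] for v in CHAIN] + [CONTROLLER_AT]
    return sum(latency(a, b) for a, b in zip(hops, hops[1:]))

def place(enforce_isolation=True):
    """Return (latency_ms, placement) with minimal soft cost under the hard clauses."""
    best = None
    for hosts in product(NODES, repeat=len(CHAIN)):
        placement = dict(zip(CHAIN, hosts))
        if not hard_ok(placement, enforce_isolation):
            continue
        cost = soft_cost(placement)
        if best is None or cost < best[0]:
            best = (cost, placement)
    return best

if __name__ == "__main__":
    print("latency only:  ", place(enforce_isolation=False))
    print("with isolation:", place(enforce_isolation=True))
```

In this constructed topology the latency-only optimum hosts the firewall next to the sensor, which leaves the office path unfiltered; making isolation a hard clause moves the firewall onto that path at the cost of a longer chain.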
