Security-Awareness in Network Virtualization: A Classified Overview

Network virtualization is a promising solution to overcoming ossification of the current Internet. With the support of Software Defined Networking components, the Service Provider can customize the network request as a virtual network, which is agilely implemented in the physical network managed by the Infrastructure Provider. In the literature, extensive works have studied the enabling technologies of network virtualization, with a focus on the virtual network embedding (VNE) problem that allocates substrate resources to instantiate the virtual network request. Very limited work, however, has taken the security aspects of network virtualization into account. In this work, we present a comprehensive overview of the security issues in network virtualization. Under different criteria, we classify possible security attacks into various categories. For security issues that are related to the VNE process, we model and define the Security-Aware Network Embedding problem, and address it with an optimal framework. We also discuss other security issues that are independent of the VNE process.

[1]  Marija Furdek Physical-Layer Attacks in Optical WDM Networks and Attack-Aware Network Planning , 2010 .

[2]  Julong Lan,et al.  Virtual Network with Security Guarantee Embedding Algorithms , 2013, J. Comput..

[3]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[4]  Hui Xiong,et al.  Integrity Verification of K-means Clustering Outsourced to Infrastructure as a Service (IaaS) Providers , 2013, SDM.

[5]  Xiaojun Cao,et al.  Connectivity as a Service: Towards optical-based network virtualization , 2014, 2014 International Conference on Computing, Networking and Communications (ICNC).

[6]  Raouf Boutaba,et al.  Virtual Network Embedding with Coordinated Node and Link Mapping , 2009, IEEE INFOCOM 2009.

[7]  Huan Liu,et al.  A new form of DOS attack in a cloud and its avoidance mechanism , 2010, CCSW '10.

[8]  Ming Xu,et al.  Security-aware virtual network embedding , 2014, 2014 IEEE International Conference on Communications (ICC).

[9]  Lena Wosinska,et al.  A New Approach to Optical Networks Security: Attack-Aware Routing and Wavelength Assignment , 2010, IEEE/ACM Transactions on Networking.

[10]  Scott Shenker,et al.  Overcoming the Internet impasse through virtualization , 2005, Computer.

[11]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[12]  Hermann de Meer,et al.  Position Paper: Secure Virtual Network Embedding , 2011, Prax. Inf.verarb. Kommun..

[13]  Stefan Schmid,et al.  Adversarial VNet embeddings: A threat for ISPs? , 2013, 2013 Proceedings IEEE INFOCOM.

[14]  Holger Karl,et al.  A virtual network mapping algorithm based on subgraph isomorphism detection , 2009, VISA '09.

[15]  Luciana S. Buriol,et al.  Security-aware optimal resource allocation for virtual network embedding , 2012, 2012 8th international conference on network and service management (cnsm) and 2012 workshop on systems virtualiztion management (svm).

[16]  Xiaojun Cao,et al.  Resolve the virtual network embedding problem: A column generation approach , 2013, 2013 Proceedings IEEE INFOCOM.

[17]  Lixin Gao,et al.  How to lease the internet in your spare time , 2007, CCRV.

[18]  Xavier Hesselbach,et al.  Virtual Network Embedding: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[19]  Edward L. Haletky VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment , 2009 .