Virtual network security: threats, countermeasures, and challenges

Network virtualization has become increasingly prominent in recent years. It enables the creation of network infrastructures that are specifically tailored to the needs of distinct network applications and supports the instantiation of favorable environments for the development and evaluation of new architectures and protocols. Despite the wide applicability of network virtualization, the shared use of routing devices and communication channels leads to a series of security-related concerns. It is necessary to provide protection to virtual network infrastructures in order to enable their use in real, large scale environments. In this paper, we present an overview of the state of the art concerning virtual network security. We discuss the main challenges related to this kind of environment, some of the major threats, as well as solutions proposed in the literature that aim to deal with different security aspects.

[1]  Luciana S. Buriol,et al.  No more backups: Toward efficient embedding of survivable virtual networks , 2013, 2013 IEEE International Conference on Communications (ICC).

[2]  C. Marquezan,et al.  Distributed autonomic resource management for network virtualization , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.

[3]  Akihiro Nakao,et al.  Minimum Disclosure Routing for Network Virtualization and Its Experimental Evaluation , 2013, IEEE/ACM Transactions on Networking.

[4]  Marco Aiello,et al.  International Conference on Computational Science and Engineering , 2012 .

[5]  Gustavo Prado Alkmim,et al.  Mapping virtual networks onto substrate networks , 2013, Journal of Internet Services and Applications.

[6]  Otto Carlos Muniz Bandeira Duarte,et al.  XNetMon: A Network Monitor for Securing Virtual Networks , 2011, 2011 IEEE International Conference on Communications (ICC).

[7]  Otto Carlos Muniz Bandeira Duarte,et al.  Virtual networks: isolation, performance, and trends , 2011, Ann. des Télécommunications.

[8]  Valérie Issarny,et al.  Guest editorial: Special issue on the future of middleware , 2011, Journal of Internet Services and Applications.

[9]  Federico Boccardi,et al.  Load & backhaul aware decoupled downlink/uplink access in 5G systems , 2014, 2015 IEEE International Conference on Communications (ICC).

[10]  Tilman Wolf,et al.  Fair multithreading on packet processors for scalable network virtualization , 2010, 2010 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).

[11]  Francisco Vilar Brasileiro,et al.  Sandboxing for a free-to-join grid with support for secure site-wide storage area , 2006, First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006).

[12]  Daan Broeder,et al.  A data infrastructure reference model with applications: towards realization of a ScienceTube vision with a data replication service , 2013, Journal of Internet Services and Applications.

[13]  Sampath Rangarajan,et al.  NVS: a virtualization substrate for WiMAX networks , 2010, MobiCom.

[14]  A. F. Adams,et al.  The Survey , 2021, Dyslexia in Higher Education.

[15]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[16]  Yanfeng Zhang,et al.  MultiNet: Multiple Virtual Networks for a Reliable Live Streaming Service , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[17]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[18]  Yi Ding,et al.  Network security for virtual machine in cloud computing , 2010, 5th International Conference on Computer Sciences and Convergence Information Technology.

[19]  Lisandro Zambenedetti Granville,et al.  Data Center Network Virtualization: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[20]  Christoph Meinel,et al.  Intrusion Detection in the Cloud , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[21]  Sakir Sezer,et al.  Sdn Security: A Survey , 2013, 2013 IEEE SDN for Future Networks and Services (SDN4FNS).

[22]  Stefan Schmid,et al.  Adversarial VNet embeddings: A threat for ISPs? , 2013, 2013 Proceedings IEEE INFOCOM.

[23]  Mohamed Faten Zhani,et al.  Venice: Reliable virtual data center embedding in clouds , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[24]  Eduardo B. Fernández,et al.  An analysis of security issues for cloud computing , 2013, Journal of Internet Services and Applications.

[25]  Ying Wang,et al.  A Survivable Virtual Network Embedding scheme based on load balancing and reconfiguration , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[26]  Wei Xie,et al.  Security and Privacy in Cloud Computing: A Survey , 2010, 2010 Sixth International Conference on Semantics, Knowledge and Grids.

[27]  Deep Medhi,et al.  Establishing Secure Virtual Trust Routing and Provisioning Domains for Future Internet , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[28]  Biswanath Mukherjee,et al.  Disaster-resilient virtual-network mapping and adaptation in optical networks , 2013, 2013 17th International Conference on Optical Networking Design and Modeling (ONDM).

[29]  Raouf Boutaba,et al.  iMark: An identity management framework for network virtualization environment , 2009, 2009 IFIP/IEEE International Symposium on Integrated Network Management.

[30]  Wanlei Zhou,et al.  Entropy-Based Collaborative Detection of DDOS Attacks on Community Networks , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[31]  Raouf Boutaba,et al.  A survey of network virtualization , 2010, Comput. Networks.

[32]  Roel Wieringa,et al.  Security Implications of Virtualization: A Literature Study , 2009, 2009 International Conference on Computational Science and Engineering.

[33]  Luciana S. Buriol,et al.  A heuristic-based algorithm for privacy-oriented virtual network embedding , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[34]  Yakov Rekhter,et al.  BGP/MPLS IP Virtual Private Networks (VPNs) , 2006, RFC.

[35]  David Wolinsky,et al.  On the Design of Virtual Machine Sandboxes for Distributed Computing in Wide-area Overlays of Virtual Workstations , 2006, First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006).

[36]  Scott Shenker,et al.  Overcoming the Internet impasse through virtualization , 2005, Computer.

[37]  Chris I. Dalton,et al.  Towards automated provisioning of secure virtualized networks , 2007, CCS '07.

[38]  Qi Cui,et al.  Design and Implementation of a Network Supporting Environment for Virtual Experimental Platforms , 2009, 2009 WRI International Conference on Communications and Mobile Computing.

[39]  Franz Ko,et al.  Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on , 2010 .

[40]  Ulas C. Kozat,et al.  Designing and embedding reliable virtual infrastructures , 2011, CCRV.