Solving security constraints for 5G slice embedding: A proof-of-concept

Abstract Network slicing is a prominent feature of 5G, which allow tenants to rent network and computing virtual resources from one or more Infrastructure Providers (InPs). Those resources are allocated according to tenants requirements, not only in terms of QoS but also in terms of security. In this paper, we build on our previous work to propose and evaluate a security-aware slice embedding implementation which enables tenants to declare security-oriented requirements, while limiting InP network information disclosure. To do so we improve our requirement model so that it becomes compatible with an Satisfiability Modulo Theories (SMT) formulation. Our implementation distinguishes two sub-problems, one for the intra-domain level (inside each InP) and one for the inter-domain level (in between the InPs). We leverage those sub-problems in a multi-level resolution algorithm to generate all multi-domain slice embeddings.

[1]  Xavier Hesselbach,et al.  ALEVIN - A Framework to Develop, Compare, and Analyze Virtual Network Embedding Algorithms , 2011, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[2]  Wolfgang Kellerer,et al.  Survey on Network Virtualization Hypervisors for Software Defined Networking , 2015, IEEE Communications Surveys & Tutorials.

[3]  Raouf Boutaba,et al.  PolyViNE: policy-based virtual network embedding across multiple domains , 2010, VISA 2010.

[4]  Xavier Hesselbach,et al.  Virtual Network Embedding: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[5]  David Dietrich,et al.  Multi-Provider Virtual Network Embedding With Limited Information Disclosure , 2015, IEEE Transactions on Network and Service Management.

[6]  Minlan Yu,et al.  Rethinking virtual network embedding: substrate support for path splitting and migration , 2008, CCRV.

[7]  Lemin Li,et al.  Quality of service aware virtual network mapping across multiple domains , 2013, 2013 IEEE Globecom Workshops (GC Wkshps).

[8]  Hermann de Meer,et al.  Modeling Security Requirements for VNE algorithms , 2017, VALUETOOLS.

[9]  Hervé Debar,et al.  Multi-Provider Secure Virtual Network Embedding , 2018, 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[10]  Joao Marques-Silva,et al.  Fast, flexible MUS enumeration , 2015, Constraints.

[11]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[12]  Luciana S. Buriol,et al.  A heuristic-based algorithm for privacy-oriented virtual network embedding , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[13]  Ming Xu,et al.  Security-aware virtual network embedding , 2014, 2014 IEEE International Conference on Communications (ICC).

[14]  Djamal Zeghlache,et al.  Virtual network provisioning across multiple substrate networks , 2011, Comput. Networks.

[15]  Osamu Akashi,et al.  Efficient Virtual Network Optimization Across Multiple Domains Without Revealing Private Information , 2016, IEEE Trans. Netw. Serv. Manag..

[16]  Yang Wang,et al.  A Framework for Security-Aware Virtual Network Embedding , 2015, 2015 24th International Conference on Computer Communication and Networks (ICCCN).

[17]  Nuno Neves,et al.  Secure Virtual Network Embedding in a Multi-Cloud Environment , 2017, ArXiv.

[18]  Clifford Stein,et al.  Improved approximation algorithms for unsplittable flow problems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.