Daniel S. Marcon scite author profile

et al. 2013

Network virtualization can potentially limit the impact of attacks by isolating traffic from different networks. However, routers and links are still vulnerable to attacks on the underlying network. Specifically, should a physical link be compromised, all embedded virtual links will be affected. Previous work protects virtual networks by setting aside backup resources. Although effective, this solution tends to be expensive as backup resources usually remain idle. In this paper, we present a novel virtual network allocation approach which explores the trade-off between resilience to attacks and efficiency in resource utilization. Our approach is composed of two complementary strategies, one preventive and the other reactive. The former embeds virtual links into multiple substrate paths, while the latter attempts to reallocate any capacity affected by an underlying DoS attack. Both strategies are modeled as optimization problems. Numerical results show the level of resilience to attacks and the low cost demanded by our approach.

No more backups: Toward efficient embedding of survivable virtual networks

Oliveira

Bays

et al. 2013

Although network virtualization can improve security by isolating traffic from different networks, routers and links are still vulnerable to attacks on the underlying network. High capacity physical links, in particular, constitute good targets since they may be important for a large number of virtual networks. Previous work protects virtual networks by setting aside backup resources. Although effective, this solution increases the cost to infrastructure providers. In this paper, we present a virtual network embedding approach which enables resilience to attacks and efficiency in resource utilization. Our approach is two-folded: while a preventive strategy embeds virtual links into multiple substrate paths, a reactive strategy attempts to reallocate any capacity affected by an underlying DoS attack. Since the embedding problem is NP-Hard, we devise a Simulated Annealing meta-heuristic to solve it efficiently. Results show our solution can provide resilience to attacks at a lower cost.

Opportunistic resilience embedding (ORE): Toward cost-efficient resilient virtual networks

et al. 2015

a b s t r a c tNetwork Virtualization promotes the development of new architectures and protocols by enabling the creation of multiple virtual networks on top of the same physical substrate. One of its main advantages is the use of isolation to limit the scope of attacks -that is, avoiding traffic from one virtual network to interfere with the others. However, virtual networks are still vulnerable to disruptions on the underlying network. Particularly, high capacity physical links constitute good targets since they may be important for a large number of virtual networks.Previous work protects virtual networks by setting aside backup resources. Although effective, this kind of solution tends to be expensive, as backup resources increase the cost to infrastructure providers and usually remain idle. This paper presents ORE (opportunistic resilience embedding), a novel embedding approach for protecting virtual links against substrate network disruptions. ORE's design is two-fold: while a proactive strategy embeds each virtual link into multiple substrate paths in order to mitigate the initial impact of a disruption, a reactive one attempts to recover any capacity affected by an underlying disruption. Both strategies are modeled as optimization problems. Additionally, since the embedding problem is N P-Hard, ORE uses a simulated annealing-based meta-heuristic to solve it efficiently. Numerical results show that ORE can provide resilience to disruptions at a lower cost.

Workflow specification and scheduling with security constraints in hybrid clouds

Bittencourt

Dantas³

et al. 2013

Hybrid cloud management must deal with resources from both public and private clouds, as well as their interaction. When workflows are executed in a hybrid cloud, dependencies among their components bring new factors to be considered during specification, scheduling, and virtual machine provisioning. In this paper, we describe three components, namely workflow code, scheduler, and resource allocator, which enable the specification and execution of workflows in hybrid clouds in the context of the AltoStratus middleware. We present a case study that shows the interaction among these components, and their applicability in practice.

Flow Based Load Balancing: Optimizing Web Servers Resource Utilization

Bays

2012

jacr

Abstract. The expansion of the Internet has caused a growth on the number of users requesting services through the network, as well as the number of servers and the amount of services they offer. In order to minimize this problem, web servers have started to use a distributed architecture implementation, however with only one external interface for receiving requests from users. In this paper, we propose an approach towards flow-oriented load balancing, using the OpenFlow technology. Thus, each data flow is directed to a server, according to the policy being employed. We evaluate three load balancing techniques: random choice, time slice based choice and weighted balancing, each of them with its advantages and disadvantages. Through our measurements, weighted balancing achieved the best results over the other policies. Moreover, random choice and time slice based choice are capable of distributing the load in an acceptable way among nodes, considering the average load of each server.