Request Complexity of VNet Topology Extraction: Dictionary-Based Attacks

Pignolet, Yvonne-Anne; Schmid, Stefan; Trédan, Gilles

doi:10.1007/978-3-642-40148-0_14

Cited by 2 publications

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our article builds upon our model introduced in a Brief Announcement at DISC [20]; the tree and cactus related results appeared at IN-FOCOM 2013 [21] and the dictionary was presented at NETYS 2013 [22].…”

Section: Related Workmentioning

confidence: 99%

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

2014

Self Cite

View full text Add to dashboard Cite

Network virtualization is a new Internet paradigm which allows multiple virtual networks (VNets) to share the resources of a given physical infrastructure. The virtualization of entire networks is the natural next step after the virtualization of nodes and links.While the problem of how to embed a VNet ("guest network") on a given resource network ("host network") is algorithmically well-understood, much less is known about the security implications of this new technology. This paper introduces a new model to reason about one particular security threat: the leakage of information about the physical infrastructure-often a business secret.We initiate the study of this new problem and introduce the notion of request complexity which describes the number of VNet requests needed to fully disclose the substrate topology. We derive lower bounds and present algorithms achieving an asymptotically optimal request complexity for important graph classes such as trees, cactus graphs (complexity O(n)) as well as arbitrary graphs (complexity O(n 2 )). Moreover, a general motif-based topology discovery framework is described which exploits the poset structure of the VNet embedding relation.

show abstract

Section: Related Workmentioning

confidence: 99%

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

2014

Self Cite

View full text Add to dashboard Cite

show abstract

Request Complexity of VNet Topology Extraction: Dictionary-Based Attacks

Pignolet

Schmid

Trédan³

2013

Networked Systems

Self Cite

View full text Add to dashboard Cite

Abstract. The network virtualization paradigm envisions an Internet where arbitrary virtual networks (VNets) can be specified and embedded over a shared substrate (e.g., the physical infrastructure). As VNets can be requested at short notice and for a desired time period only, the paradigm enables a flexible service deployment and an efficient resource utilization. This paper investigates the security implications of such an architecture. We consider a simple model where an attacker seeks to extract secret information about the substrate topology, by issuing repeated VNet embedding requests. We present a general framework that exploits basic properties of the VNet embedding relation to infer the entire topology. Our framework is based on a graph motif dictionary applicable for various graph classes. Moreover, we provide upper bounds on the request complexity, the number of requests needed by the attacker to succeed.

show abstract

Request Complexity of VNet Topology Extraction: Dictionary-Based Attacks

Cited by 2 publications

References 16 publications

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

Request Complexity of VNet Topology Extraction: Dictionary-Based Attacks

Contact Info

Product

Resources

About