Secure and Dependable Multi-Cloud Network Virtualization

Alaluna, Max; Vial, Eric; Neves, Nuno; Ramos, Fernando M. V.

doi:10.1145/3071064.3071066

Cited by 1 publication

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our multi-cloud network virtualization platform, Sirius, leverages from Software Defined Networking (SDN) to build a substrate infrastructure that spreads across both public clouds and private data centers [5]. These resources are then transparently shared by various tenants, allowing the definition and deployment of virtual networks (VN) composed of a number of virtual hosts (containers in our implementation) interconnected by virtual switches, arranged in an arbitrary network topology.…”

Section: Multi-cloud Network Virtualizationmentioning

confidence: 99%

“…To overcome this problem, we have developed a platform that extends network virtualization to span multiple cloud providers [5,6]. Enriching the substrate this way results in a number of benefits in terms of cost (e.g., by taking advantage of the pricing dynamics of cloud services [7]), performance (for instance, by bringing services closer to their users), dependability, and security.…”

Section: Introductionmentioning

confidence: 99%

“…Please note that a node corresponds to a virtual switch, that can support hundreds to thousands of containers in a large VM (recallFigure 1). In fact, the setup of experiments with our prototype[5] included running over 6 thousand containers per VM.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Secure multi-cloud virtual network embedding

Alaluna

Ferrolho

Figueira

et al. 2020

Computer Communications

Self Cite

View full text Add to dashboard Cite

Modern network virtualization platforms enable users to specify custom topologies and arbitrary addressing schemes for their virtual networks. These platforms have, however, been targeting the data center of a single provider, which is insufficient to support (critical) applications that need to be deployed across multiple trust domains, while enforcing diverse security requirements. This paper addresses this limitation by presenting a novel solution for the central resource allocation problem of network virtualization -the virtual network embedding, which aims to find efficient mappings of virtual network requests onto the substrate network. We improve over the state-of-the-art by considering security as a first-class citizen of virtual networks, while enhancing the substrate infrastructure with resources from multiple cloud providers. Our solution enables the definition of flexible policies in three core elements: on the virtual links, where alternative security compromises can be explored (e.g., encryption); on the virtual switches, supporting various degrees of protection and redundancy if necessary; and on the substrate infrastructure, extending it across multiple clouds, including public and private facilities, with their inherently diverse trust levels associated. We propose an optimal solution to this problem formulated as a Mixed Integer Linear Program (MILP). The results of our evaluation give insight into the trade-offs associated with the inclusion of security demands into network virtualization. In particular, they provide evidence that enhancing the user's virtual networks with security does not preclude high acceptance rates and an efficient use of resources, and allows providers to increase their revenues.

show abstract

Section: Multi-cloud Network Virtualizationmentioning

confidence: 99%