TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Wang, Yushun; Madi, Taous; Majumdar, Suryadipta; Jarraya, Yosr; Alimohammadifar, Amir; Pourzandi, Makan; Wang, Lingyu; Debbabi, Mourad

doi:10.14722/ndss.2017.23365

Cited by 21 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The regression test suit avoids enforcing policies that may introduce security vulnerabilities or availability issues in the network. Other works [85], [71], [89], [90] concentrate on monitoring the network configuration changes to detect change events that introduce security failures.…”

Section: Traffic Filtering Enforcement Verificationmentioning

confidence: 99%

Network Services Anomalies in NFV: Survey, Taxonomy, and Verification Methods

Zoure

Ahmed

Réveillère

2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Network Function Virtualization (NFV) has emerged as a disruptive networking architecture whose galloping evolution is prompting enterprises to outsource network functions to the cloud and ultimately harvest the fruits of cloud computing, including elasticity, pay-as-you-go billing model, and on-demand services provisioning. However, many reluctant enterprises oppose the benefits of this outsourcing to their critical and pressing concerns about security, trust, and compliance. The latter anticipate possible security and QoS policy violations stemming from dishonest behaviors by cloud providers, attacks by co-resident competitors, misconfiguration by cloud administrators, or implementations flaws by NFV developers. As a result, migrating sensitive workloads to the cloud requires enterprises to first assess risks by gaining knowledge of possible network services' anomalies and second, to build trust in the cloud by designing effective mechanisms to detect such anomalies.This survey provides scrutiny of network services anomalies that may occur in the NFV environments. We first present a taxonomy of network service anomalies and analyze their negative impacts on critical service attributes, including security and performance. Second, we compare and classify the existing anomalies' verification mechanisms from the literature. Finally, we point out the literature gap and identify future research directions for anomalies verification in NFV.

show abstract

Section: Traffic Filtering Enforcement Verificationmentioning

confidence: 99%

Network Services Anomalies in NFV: Survey, Taxonomy, and Verification Methods

Zoure

Ahmed

Réveillère

2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Cloud providers are responsible for manually writing available and secure network policies that are thus error-prone. Existing works such as NoD [3], Plotkin et al [4], Cloud Radar [5], Probst et al, [6] and Tenant-Guard [7] proposed several methods for verifying policies formatted routing rules.…”

Section: Introductionmentioning

confidence: 99%

<i>Verikube</i>: Automatic and Efficient Verification for Container Network Policies

Kang

Shin

2022

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.

show abstract

Fast BGP Simulation of Large Datacenters

Lopes

Rybalchenko

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Cited by 21 publications

References 12 publications

Network Services Anomalies in NFV: Survey, Taxonomy, and Verification Methods

Network Services Anomalies in NFV: Survey, Taxonomy, and Verification Methods

<i>Verikube</i>: Automatic and Efficient Verification for Container Network Policies

Fast BGP Simulation of Large Datacenters

Contact Info

Product

Resources

About