Dynamic migration method of key virtual network function based on risk awareness

被引：0

作者：

Ding S. ^{[1
]}

Xie J. ^{[1
]}

Zhang P. ^{[1
]}

Pu L. ^{[1
]}

Gu Y. ^{[1
]}

机构：

[1] Institute of Information Technology, Information Engineering University, Zhengzhou

来源：

Tongxin Xuebao/Journal on Communications | 2020年 / 41卷 / 04期

基金：

中国国家自然科学基金; 国家重点研发计划;

关键词：

Dynamic migration; Multi-attribute node sorting; Service function chain; Side-channel attack; Virtual network function;

D O I：

10.11959/j.issn.1000-436x.2020063

中图分类号：

学科分类号：

摘要：

Aiming at the problems that traditional dynamic migration methods have many migration nodes, high migration frequency, and long service function chain (SFC) link path after migration when dealing with side channel attack, a dynamic migration method of critical virtual network function (VNF) based on risk awareness was proposed. In order to reduce the number of migrated nodes, only the key VNF with private information was migrated. Combined with the side channel attack detection system, the triggering migration was performed on the critical VNF which were under attack, and the key VNF was also periodically migrated according to the side channel information leakage model. Finally, a multi-attribute node sorting method base on the technique for order preference by similarity to ideal solution was used to select the migration destination server to avoid the path being too long after migration. Experiments show that the proposed method has a lower number of migration nodes and migration frequency when achieving the same side channel attack defense performance, and effectively avoids the problem that the SFC path is too long after migration. © 2020, Editorial Board of Journal on Communications. All right reserved.

引用

页码：102 / 113

页数：11

共 21 条

[1] Mijumbi R., Serrat J., Gorricho J., Et al., Network function virtualization: state-of-the-art and research challenges, IEEE Communications Surveys & Tutorials, 18, 1, pp. 236-262, (2016)
[2] Wu J.X., Thoughts on the development of novel network technology, Science China (Information Sciences), 61, 10, pp. 144-154, (2018)
[3] Firoozjaei M.D., Jeong J.P., Ko H., Et al., Security challenges with network functions virtualization, Future Generation Computer Systems, 67, 7, pp. 315-324, (2017)
[4] Hu W., Research on security protection mechanism of virtual network function based on SGX, (2017)
[5] Bazm M., Lacoste M., Sudholt M., Isolation in cloud computing infrastructures: new security challenges, Annals of Telecommunications, 74, 1, pp. 197-209, (2019)
[6] Liang X., Gui X.L., Dai H.J., Et al., Cross-VM cache side channel attacks in cloud: a survey, Chinese Journal of Computer, 40, 2, pp. 317-336, (2017)
[7] Lyu Y., Mishra P., A survey of side-channel attacks on caches and countermeasures, Journal of Hardware and Systems Security, 2, 1, pp. 33-50, (2018)
[8] He P.C., Huang R.W., Chen N.J., Et al., Research progress on side-channel attacks in cloud environment, Application Research of Computer, 35, 4, pp. 969-973, (2018)
[9] Liu S., Cai Z., Xu H., Et al., Towards security-aware virtual network embedding, Computer Networks, 91, 11, pp. 151-163, (2015)
[10] Han Y., Chan J., Alpcan T., Et al., Using virtual machine allocation policies to defend against co-resident attacks in cloud computing, IEEE Transactions on Dependable and Secure Computing, 14, 1, pp. 95-108, (2017)

← 1 2 3 →