Towards cost optimization in security-aware service function chaining and embedding over multi-vendor edge networks

Frequent cyber-attacks compel service providers to employ security-aware service functions (S-SFs) while delivering network services. Typically, one S-SF can be implemented by diverse configurations, each requiring different implementation costs and providing various security levels. These multi-configured S-SFs could compose various security-aware service function chains (S-SFCs) to satisfy the security requirement of incoming network request. How to properly compose an S-SFC and effectively deploy it remains an open challenging problem. In this work, we discover the "reDundancy security A ccumulatio N "(DAN) phenomenon caused by the direct-summation-fashion when calculating the security level (SeL) of an S-SFC and propose novel methodology to estimate the SeL of one S-SFC for avoiding DAN. To begin, we introduce the concept security level indicator (SeLI) and our novel methodology. Next, we formulate the problem of security-aware SF selection, chaining, and deployment (Sec-SFCD) with the objective function of cost optimization and prove its NP-hardness. To solve this problem, we propose the security-cost-balance (SCB) factor technique, which measures the average cost of satisfying one unit of security requirement. Based on this technique, we further develop an efficient algorithm called SCB-based S-SFC deployment (SCB-SD) and improves it by proposing overflowing security level elimination (OSE) technique. Through our thorough analysis, we show the logarithm approximation of SCB-SD and SCB-SD with OSE technique (SSD-OSE). The extensive simulation results validate SSD-OSE' s logarithm-approximation and demonstrate that it significantly outperforms the benchmarks directly extended from the state-of-the-art by an average of 17.98 % and 67.47 %.