A provably efficient in-network computing services deployment approach for security burst

•Towards the periodic need for enhancing and migrating security service to defend against ever-changing cyber-attacks within the in-network computing (INC) paradigm, this work investigates how to cost-efficiently satisfy specific security burst requirement (SeBR) while maximizing the resource re-uti...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Computer networks (Amsterdam, Netherlands : 1999) Ročník 272; s. 111737
Hlavní autori: Zheng, Danyang, Wang, Chao, Xu, Honghui, Tang, Wenyi, Zhong, Yihan, Cao, Xiaojun
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier B.V 01.11.2025
Predmet:
Approximate algorithm
Cost optimization
In-network computing
Security burst
Security burst
Approximate algorithm
In-network computing
Cost optimization
ISSN:1389-1286
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:•Towards the periodic need for enhancing and migrating security service to defend against ever-changing cyber-attacks within the in-network computing (INC) paradigm, this work investigates how to cost-efficiently satisfy specific security burst requirement (SeBR) while maximizing the resource re-utilization of the original security service.•For the first time, this work proposes the concept of security burst (SEB) and focuses on minimizing the additional cost of satisfying the SeBR by extending the original security service path, rather than establishing a new service path.•Based on these concepts, this work proposes a novel problem called “INC-enabled Service Migration for SEB (ISME)” with the objective of additional cost optimization and formally prove its NP-hardness.•This work proposes a provably efficient solution towards solving the proposed ISME problem. With solid mathematical proofs and extensive simulation results, the proposed algorithm, CSB measure-based security enhancement (CSB-SE), guarantees logarithm-approximate performance and outperforms the benchmark by an average of 29.12 % regarding the total service cost and 94.04 % in terms of additional cost. The emerging in-network computing (INC) technique delegates computations to the network data plane, enabling clients' data to be processed during transmission. However, processing transmitted data within INC-enabled network devices may lead to security concerns and broaden the attack surface as sensitive data can be exposed during computation, making the network more susceptible to various cyber-attacks. To protect against such cyber-attacks, especially in security-sensitive applications such as finance and healthcare, clients might periodically enhance service security requirements regarding the importance of their to-be-transmitted data. This periodic security enhancement is called a “security burst” (SEB). To meet such enhancement, one may implement security-aware network functions (S-NFs) like firewall and deep packet inspection on smart routers or switches along the forwarding path while maximizing the re-utilization of this path. Despite the growing interest in INC and security service deployment, existing solutions typically assume static security requirements and overlook the dynamic, on-demand security enhancements such as SEBs. Furthermore, prior approaches rarely consider the re-utilization of existing in-path services, leading to higher additional costs. To fill this gap, this work shows pioneering efforts in tackling SEB for INC-enabled services. Assuming that re-employing the resources along the original forwarding path does not incur bandwidth cost, we formally establish a novel problem called INC-enabled Service Migration for SEB (ISME) to optimize additional cost and prove its NP-hardness. To solve this problem, we design an efficient cost-security-burst (CSB) measure and develop an innovative CSB measure-based security enhancement (CSB-SE) algorithm, which is mathematically proved to be logarithm approximate. Extensive simulations show that CSB-SE guarantees logarithm-approximate performance and outperforms the benchmark by an average of 37.11 % regarding the total service cost and 102.38 % in terms of the additional cost.
ISSN:1389-1286
DOI:10.1016/j.comnet.2025.111737