Towards cost optimization in security-aware service function chaining and embedding over multi-vendor edge networks
Frequent cyber-attacks compel service providers to employ security-aware service functions (S-SFs) while delivering network services. Typically, one S-SF can be implemented by diverse configurations, each requiring different implementation costs and providing various security levels. These multi-con...
Uloženo v:
| Vydáno v: | Computer networks (Amsterdam, Netherlands : 1999) Ročník 257; s. 111002 |
|---|---|
| Hlavní autoři: | , , , , , |
| Médium: | Journal Article |
| Jazyk: | angličtina |
| Vydáno: |
Elsevier B.V
01.02.2025
|
| Témata: | |
| ISSN: | 1389-1286 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Shrnutí: | Frequent cyber-attacks compel service providers to employ security-aware service functions (S-SFs) while delivering network services. Typically, one S-SF can be implemented by diverse configurations, each requiring different implementation costs and providing various security levels. These multi-configured S-SFs could compose various security-aware service function chains (S-SFCs) to satisfy the security requirement of an incoming network request. How to properly compose an S-SFC and effectively deploy it remains an open and challenging problem. In this work, we discover the “reDundancy security AccumulatioN” (DAN) phenomenon caused by the direct-summation-fashion when calculating the security level (SeL) of an S-SFC and propose a novel methodology to estimate the SeL of one S-SFC for avoiding DAN. To begin, we introduce the concept of security level indicator (SeLI) and our novel methodology. Next, we formulate the problem of security-aware SF selection, chaining, and deployment (Sec-SFCD) with the objective function of cost optimization and prove its NP-hardness. To solve this problem, we propose the security-cost-balance (SCB) factor technique, which measures the average cost of satisfying one unit of security requirement. Based on this technique, we further develop an efficient algorithm called SCB-based S-SFC deployment (SCB-SD) and improves it by proposing the overflowing security level elimination (OSE) technique. Through our thorough analysis, we show the logarithm-approximation of SCB-SD and SCB-SD with OSE technique (SSD-OSE). The extensive simulation results validate SSD-OSE’ s logarithm-approximation and demonstrate that it significantly outperforms the benchmarks directly extended from the state-of-the-art by an average of 17.98 % and 67.47 %.
•Towards the need for deploying massive amounts of security-aware SFCs (S-SFCs), this work investigates how to compose and deploy an S-SFC with a specific security level requirement (SeLR).•For the first time, this work proposes a novel methodology to estimate the security level (SeL) of one S-SFC for avoiding the defined “reDundancy security AccumulatioN” (DAN) phenomenon caused by the direct-summation-fashion.•Based on these concepts, this work proposes a novel problem called “Security-aware Service Function Selection, Chaining and Deployment (Sec-SFCD)” using the estimated security level instead of pre-defined or pre-given security levels.•This work proposes a provably efficient solution towards solving the proposed Sec-SFCD problem. With solid mathematical proofs, the proposed algorithm, SCB-based S-SFC deployment with overflowing security level elimination technique (SSD-OSE), achieves logarithm-approximation in optimizing the deployment cost. |
|---|---|
| ISSN: | 1389-1286 |
| DOI: | 10.1016/j.comnet.2024.111002 |