Provably efficient security-aware service function tree composing and embedding in multi-vendor networks
Multicast greatly benefits many emerging applications such as federated learning, metaverse, and data warehouse. Recently, due to frequent cyber-attacks, multicast services have tended to request rigorous security agreements, which likely differ among the destinations. To meet such agreements, one c...
Uložené v:
| Vydané v: | Computer networks (Amsterdam, Netherlands : 1999) Ročník 254; s. 110843 |
|---|---|
| Hlavní autori: | , , , |
| Médium: | Journal Article |
| Jazyk: | English |
| Vydavateľské údaje: |
Elsevier B.V
01.12.2024
|
| Predmet: | |
| ISSN: | 1389-1286 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Shrnutí: | Multicast greatly benefits many emerging applications such as federated learning, metaverse, and data warehouse. Recently, due to frequent cyber-attacks, multicast services have tended to request rigorous security agreements, which likely differ among the destinations. To meet such agreements, one can employ security-aware service functions (SFs) to construct the security-aware SF tree (S-SFT) for multicast services. A security-aware SF can be provided by various vendors with diverse configurations and implementation costs. The multi-configured SFs and the various security agreements will add significant complexity to the deployment process of the security-aware multicast request. In this work, for the first time, we study how to effectively compose and embed an S-SFT over the network with multiple vendors. We formulate the problem of security-aware SFT composing and embedding. We develop a new technique called cost-security-centrality (CSC) based on the pigeonhole’ s principle and propose a heuristic algorithm called CSC-based S-SFT deployment (CSC-SD). Via thorough mathematical proofs, we show that CSC-SD is logarithm approximate. Extensive simulations show that CSC-SD significantly outperforms the benchmarks and reveal that more function sharing facilitates saving implementation cost, but more routing sharing does not indicate saving routing cost.
•In response to the escalating demand for multicast support in burgeoning domains like the meta-verse and federated learning, where safeguarding service security is paramount, we introduce a pioneering architecture: the security-aware service function tree (S-SFT). By addressing diverse security requisites across distinct destinations, the security-aware service function tree enables the utilization of asymmetric service function chains between distinct source and destination pairs.•This work, for the first time, proposes a novel problem called security-aware service function tree composing and embedding with the objective of cost optimization. Despite the proof of its NP-hardness, we delve into the inefficiencies inherent in directly applying existing solutions on deploying SFTs or security-aware SF chains.•To solve the above problem, this work develops an efficient technique based on the pigeonhole’ s principle called cost-security-centrality (CSC) and proposes an innovative heuristic approach called CSC based S-SFT deployment (CSC-SD). Through thorough mathematical analysis, we show that the proposed CSC-SD is logarithm-approximate.•Extensive analysis and simulations show that (i) CSC-SD guarantees the logarithm-approximate performance, (ii) CSC-SD outperforms the state-of-the-art benchmark approaches by an average of 20.88% and 49.19%, and (iii) function sharing among different destinations facilitates saving implementation cost, but saving routing cost has no direct relationship with routing sharing. |
|---|---|
| ISSN: | 1389-1286 |
| DOI: | 10.1016/j.comnet.2024.110843 |