{"title":"NFV拓扑的自动合成:面向安全需求的设计","authors":"A. Jakaria, M. Rahman, Carol J. Fung","doi":"10.23919/CNSM.2017.8256033","DOIUrl":null,"url":null,"abstract":"Cyber defense today heavily depends on expensive and proprietary hardware deployed at fixed locations. Network functions virtualization (NFV) reduces the limitations of these vendor specific hardware by allowing a flexible and dynamic implementation of virtual network functions in virtual machines running on commercial off-the-shelf servers. These network functions can work as a filter to distinguish between a legitimate packet and an attack packet, and can be deployed dynamically to balance the variable attack load. However, allocating resources to these virtual machines is an NP-hard problem. In this work, we propose a solution to this problem and determine the number and placement of the VMs. We design and implement NFVSynth, an automated framework that models the resource specifications, incoming packet processing requirements, and network bandwidth constraints. It uses satisfiability modulo theories (SMT) for modeling this synthesis problem and provides a satisfiable solution. We also present simulated experiments to demonstrate the scalability and usability of the solution.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Automated synthesis of NFV topology: A security requirement-oriented design\",\"authors\":\"A. Jakaria, M. Rahman, Carol J. Fung\",\"doi\":\"10.23919/CNSM.2017.8256033\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber defense today heavily depends on expensive and proprietary hardware deployed at fixed locations. Network functions virtualization (NFV) reduces the limitations of these vendor specific hardware by allowing a flexible and dynamic implementation of virtual network functions in virtual machines running on commercial off-the-shelf servers. These network functions can work as a filter to distinguish between a legitimate packet and an attack packet, and can be deployed dynamically to balance the variable attack load. However, allocating resources to these virtual machines is an NP-hard problem. In this work, we propose a solution to this problem and determine the number and placement of the VMs. We design and implement NFVSynth, an automated framework that models the resource specifications, incoming packet processing requirements, and network bandwidth constraints. It uses satisfiability modulo theories (SMT) for modeling this synthesis problem and provides a satisfiable solution. We also present simulated experiments to demonstrate the scalability and usability of the solution.\",\"PeriodicalId\":211611,\"journal\":{\"name\":\"2017 13th International Conference on Network and Service Management (CNSM)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 13th International Conference on Network and Service Management (CNSM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/CNSM.2017.8256033\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 13th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CNSM.2017.8256033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automated synthesis of NFV topology: A security requirement-oriented design
Cyber defense today heavily depends on expensive and proprietary hardware deployed at fixed locations. Network functions virtualization (NFV) reduces the limitations of these vendor specific hardware by allowing a flexible and dynamic implementation of virtual network functions in virtual machines running on commercial off-the-shelf servers. These network functions can work as a filter to distinguish between a legitimate packet and an attack packet, and can be deployed dynamically to balance the variable attack load. However, allocating resources to these virtual machines is an NP-hard problem. In this work, we propose a solution to this problem and determine the number and placement of the VMs. We design and implement NFVSynth, an automated framework that models the resource specifications, incoming packet processing requirements, and network bandwidth constraints. It uses satisfiability modulo theories (SMT) for modeling this synthesis problem and provides a satisfiable solution. We also present simulated experiments to demonstrate the scalability and usability of the solution.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
