Journal on Communications ›› 2020, Vol. 41 ›› Issue (4): 102-113.doi: 10.11959/j.issn.1000-436x.2020063
• Papers • Previous Articles Next Articles
Shaohu DING,Jichao XIE(),Peng ZHANG,Liming PU,Yunjie GU
Revised:
2020-03-03
Online:
2020-04-25
Published:
2020-04-30
Supported by:
CLC Number:
Shaohu DING,Jichao XIE,Peng ZHANG,Liming PU,Yunjie GU. Dynamic migration method of key virtual network function based on risk awareness[J]. Journal on Communications, 2020, 41(4): 102-113.
"
符号 | 描述 | 符号 | 描述 |
底层物理网络 | 接入交换机和出口交换机 | ||
通用服务器集合、交换机集合和物理链路集合 | βr | 服务链r所需处理的流量大小 | |
n ,s,l | 底层网络中服务器、交换机和物理链路总数 | τr | 请求r的生命周期 |
交换机连接矩阵 | ψr | 处理流量所需的VNF序列 | |
Bi ,j∈R+ | 交换机节点i到 j的通信链路容量 | m | 请求中VNF的总数量 |
V =Λ(u)={v|Bu ,v>0} | 与交换机u直连的交换机集合 | 请求r中第i∈{1,2,…,m}个VNF的类型 | |
服务器与交换机连接矩阵 | SFC请求有向图 | ||
Hi ,j∈{0,1} | 服务器节点i是否连接在交换机j上 | Nr | 节点(接入交换机、VNF、出口交换机)集合 |
K,k | 服务器资源类型集合和资源类型总数量 | Lr | 连接节点的虚拟链路集合 |
Cn×k | 底层服务器资源容量矩阵 | SFC请求拓扑Gr映射到物理网络拓扑 | |
Ci,j∈R+ | 服务器节点i上可提供的第 j类资源的数量 | 请求r 中m个VNF与n个服务器节点间的映射关系矩阵 | |
当前网络服务器资源和链路资源的剩余情况 | |||
P,p | VNF类型集合和VNF类型总数量 | ||
VNF资源需求系数矩阵 | |||
Qi ,j | i类型VNF处理单位带宽流量所占用 j类资源数量 | 接入交换机和出口交换机 | |
服务器节点可承载的VNF类型矩阵 | li 1r ,i+∈Lr | 请求r 中 | |
Si ,j∈{0,1} | 服务器节点i是否支持j类型VNF的部署 | 交换机u 与交换机v之间的物理链路 | |
R | 租户SFC的请求集合 | 虚拟链路 | |
租户SFC请求信息 | 虚拟链路 |
[1] | MIJUMBI R , SERRAT J , GORRICHO J ,et al. Network function virtualization:state-of-the-art and research challenges[J]. IEEE Communications Surveys & Tutorials, 2016,18(1): 236-262. |
[2] | WU J X . Thoughts on the development of novel network technology[J]. Science China (Information Sciences), 2018,61(10): 144-154. |
[3] | FIROOZJAEI M D , JEONG J P , KO H ,et al. Security challenges with network functions virtualization[J]. Future Generation Computer Systems, 2017,67(7): 315-324. |
[4] | 胡威 . 基于 SGX 的虚拟网络功能安全保护机制研究[D]. 武汉:武汉大学, 2017. |
HU W . Research on security protection mechanism of virtual network function based on SGX[D]. Wuhan:Wuhan University, 2017. | |
[5] | BAZM M , LACOSTE M , SUDHOLT M . Isolation in cloud computing infrastructures:new security challenges[J]. Annals of Telecommunications, 2019,74(1): 197-209. |
[6] | 梁鑫, 桂小林, 戴慧珺 ,等. 云环境中跨虚拟机的 Cache 侧信道攻击技术研究[J]. 计算机学报, 2017,40(2): 317-336. |
LIANG X , GUI X L , DAI H J ,et al. Cross-VM cache side channel attacks in cloud:a survey[J]. Chinese Journal of Computer, 2017,40(2): 317-336. | |
[7] | LYU Y , MISHRA P . A survey of side-channel attacks on caches and countermeasures[J]. Journal of Hardware and Systems Security, 2018,2(1): 33-50. |
[8] | 何佩聪, 黄汝维, 陈宁江 ,等. 云环境中的侧通道攻击研究进展[J]. 计算机应用研究, 2018,35(4): 969-973. |
HE P C , HUANG R W , CHEN N J ,et al. Research progress on side-channel attacks in cloud environment[J]. Application Research of Computer, 2018,35(4): 969-973. | |
[9] | LIU S , CAI Z , XU H ,et al. Towards security-aware virtual network embedding[J]. Computer Networks, 2015,91(11): 151-163. |
[10] | HAN Y , CHAN J , ALPCAN T ,et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2017,14(1): 95-108. |
[11] | HAN Y , ALPCAN T , CHAN J ,et al. A game theoretical approach to defend against co-resident attacks in cloud computing:preventing co-residence using semi-supervised learning[J]. IEEE Transactions on Information Forensics and Security, 2016,11(3): 556-570. |
[12] | XU Z , WAND H , WU Z . A measurement study on co-residence threat inside the cloud[C]// Proceedings of the 24th USENIX Conference on Security Symposium. Berkeley:USENIX Association, 2015: 929-944. |
[13] | AINAPURE B S , SHAH D , RAO A A . Understanding perception of cache-based side-channel attack on cloud environment[M]. Berlin: SpringerPress, 2017. |
[14] | 赵硕, 季新生, 毛宇星 ,等. 基于安全等级的虚拟机动态迁移方法[J]. 通信学报, 2017,38(7): 165-174. |
ZHAO S , JI X S , MAO Y S ,et al. Research on dynamic migration of virtual machine based on security level[J]. Journal on Communications, 2017,38(7): 165-174. | |
[15] | MOON S , SEKAR V , REITER M . Nomad:mitigating arbitrary cloud side channels via provider-assisted migration[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 1595-1606. |
[16] | ATYA A O F , QIAN Z , KRISHNAMURTHY S V ,et al. Malicious co-residency on the cloud:attacks and defense[C]// IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2017: 1-9. |
[17] | ZHANG T , ZHANG Y , LEE R B . CloudRadar:a real-time side-channel attack detection system in clouds[C]// International Symposium on Research in Attacks,Intrusions,and Defenses. Berlin:Springer, 2016: 118-140. |
[18] | 伊鹏, 谢记超, 张震 ,等. 抗侧信道攻击的服务功能链部署方法[J]. 电子与信息学报, 2019,41(11): 2699-2707. |
YI P , XIE J C , ZHANG Z ,et al. A service function chain deployment method against side channel attack[J]. Journal of Electronics and Information Technology, 2019,41(11): 2699-2707. | |
[19] | 龚水清, 陈靖, 黄聪会 ,等. 信任感知的安全虚拟网络映射算法[J]. 通信学报, 2015,36(11): 180-189. |
GONG S Q , CHEN J , HUANG H C ,et al. Trust-aware secure virtual network embedding algorithm[J]. Journal on Communications, 2015,36(11): 180-189. | |
[20] | LI D , HONG P , XUE K ,et al. Virtual network function placement considering resource optimization and SFC requests in cloud datacenter[J]. IEEE Transactions on Parallel and Distributed Systems, 2018,29(7): 1664-1677. |
[21] | BARI F , CHOWDHURY S R , AHMED R ,et al. Orchestrating virtualized network functions[J]. IEEE Transactions on Network and Service Management, 2016,13(4): 725-739. |
[1] | Hao CHEN, Yuan YANG, Mingwei XU, Dan PEI, Yilin YOU. Parallel orchestration and deployment system for scalable heterogeneous service function chain supporting polymorphic network [J]. Journal on Communications, 2022, 43(9): 1-11. |
[2] | Zexi XU, Lei ZHUANG, Kunli ZHANG, Mingyu GUI. Online placement algorithm of service function chain based on knowledge graph [J]. Journal on Communications, 2022, 43(8): 41-51. |
[3] | Julong LAN, Di ZHU, Dan LI. Intelligent prediction method of virtual network function resource capacity for polymorphic network service slicing [J]. Journal on Communications, 2022, 43(6): 143-155. |
[4] | Zhuo CHEN,Gang FENG,Yijing LIU,Yang ZHOU. Virtual network function deployment strategy based on improved genetic simulated annealing algorithm in MEC [J]. Journal on Communications, 2020, 41(4): 70-80. |
[5] | Kan WANG,Nan ZHAO,Junhuai LI,Huaijun WANG. Service function chain embedding algorithm with wireless multicast in mobile edge computing network [J]. Journal on Communications, 2020, 41(10): 37-47. |
[6] | Zhongnan ZHAO,Jian WANG,Hongwei GUO. Adaptive routing and wavelength assignment method based on SDN [J]. Journal on Communications, 2019, 40(9): 95-105. |
[7] | Dan LI,Julong LAN,Peng WANG,Yuxiang HU. Service function chain deployment algorithm based on optimal weighted graph matching [J]. Journal on Communications, 2019, 40(3): 10-18. |
[8] | Tong DUAN,Julong LAN,Yuxiang HU,Hongwei FAN. Orchestration mechanism for VNF hardware acceleration resources in SDN/NFV architecture [J]. Journal on Communications, 2018, 39(6): 98-108. |
[9] | Xiaorong ZHU,Qian ZHANG. Resource optimization algorithm of combination of NFV and SDN for application of multiple services [J]. Journal on Communications, 2018, 39(11): 54-62. |
[10] | Quan YUAN,Hong-bo TANG,Kai-zhi HUANG,Xiao-lei WANG,Yu ZHAO. Deployment method for vEPC virtualized network function via Q-learning [J]. Journal on Communications, 2017, 38(8): 172-182. |
[11] | Shuo ZHAO,Xin-sheng JI,Yu-xing MAO,Guo-zhen CHENG,Hong-chao HU. Research on dynamic migration of virtual machine based on security level [J]. Journal on Communications, 2017, 38(7): 165-174. |
[12] | Min WANG,Zhen WU,Jin-tao RAO,Zhi-bo DU. Mutual information power analysis attack in the frequency domain of the crypto chip [J]. Journal on Communications, 2015, 36(Z1): 131-135. |
[13] | . Simple power analysis attack against cryptosystemsbased on Montgomery algorithm [J]. Journal on Communications, 2013, 34(Z1): 20-161. |
[14] | Gang GAN,Min WANG,Zhi-bo DU,Zhen WU. Simple power analysis attack against cryptosystems based on Montgomery algorithm [J]. Journal on Communications, 2013, 34(Z1): 156-161. |
[15] | Min WANG,Zhen WU. Algorithm of NAF scalar multiplication on ECC against SPA [J]. Journal on Communications, 2012, 33(Z1): 228-232. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|