Volume 41 Issue 11
Nov.  2019
Peng YI, Jichao XIE, Zhen ZHANG, Yunjie GU, Dan ZHAO. A Service Function Chain Deployment Method Against Side Channel Attack[J]. Journal of Electronics & Information Technology, 2019, 41(11): 2699-2707. doi: 10.11999/JEIT190127

A Service Function Chain Deployment Method Against Side Channel Attack

doi: 10.11999/JEIT190127
Funds:  The National Science Foundation of China (61802429, 61872382, 61521003), The National Key R&D Program of China (2017YFB0803201, 2017YFB0803204)
  • Received Date: 2019-03-01
  • Rev Recd Date: 2019-06-11
  • Available Online: 2019-06-20
  • Publish Date: 2019-11-01
  • Side channel attacks are the primary way information leaks between tenants in current cloud computing environments. However, existing Service Function Chain (SFC) deployment methods do not fully consider the side channel attack problem faced by Virtual Network Functions (VNFs) in a multi-tenant environment. An SFC deployment method against side channel attacks is proposed. It introduces a tenant classification strategy based on average time and a deployment strategy that considers historical information. Under the resource constraints of the SFC, an optimization model is established with the goal of minimizing the number of servers that a tenant can cover, and a deployment algorithm is designed based on greedy choice. The experimental results show that, compared with other deployment methods, this method significantly increases the difficulty and cost for a malicious tenant to achieve co-residence, and reduces the risk of side channel attacks faced by tenants.
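
The following sketch is an added illustration, not the paper's algorithm or code: it shows why a greedy, history-aware placement shrinks the set of servers a tenant can cover compared with a spreading policy. The tenant names, capacities, request trace, tie-breaking rule and round-robin baseline are all assumptions, and the tenant classification step is omitted.

```python
from collections import defaultdict

CAPACITY, N_SERVERS = 4, 6  # constructed toy data centre (assumption)

# Constructed request trace: (tenant, resource demand of one VNF).
# "mallory" keeps launching small VNFs hoping to land next to "alice".
REQUESTS = [("alice", 2), ("mallory", 1), ("mallory", 1), ("alice", 2),
            ("mallory", 1), ("mallory", 1), ("mallory", 1), ("mallory", 1)]

def place(requests, history_aware):
    """Return {tenant: set of servers the tenant has ever been placed on}."""
    free = [CAPACITY] * N_SERVERS
    covered = defaultdict(set)   # placement history per tenant
    cursor = 0                   # round-robin pointer for the baseline
    for tenant, demand in requests:
        fits = [s for s in range(N_SERVERS) if free[s] >= demand]
        if not fits:
            raise RuntimeError(f"no server can host a VNF of {tenant}")
        if history_aware:
            mine = covered[tenant]

            def cost(s):
                # Greedy choice: a server already in the tenant's history adds
                # no new coverage; otherwise prefer the server shared with the
                # fewest other tenants (hypothetical tie-break), then lowest id.
                others = sum(1 for t, used in covered.items()
                             if t != tenant and s in used)
                return (s not in mine, others, s)

            server = min(fits, key=cost)
        else:
            # Baseline: next fitting server in round-robin order.
            server = min(fits, key=lambda s: (s - cursor) % N_SERVERS)
            cursor = (server + 1) % N_SERVERS
        free[server] -= demand
        covered[tenant].add(server)
    return dict(covered)

def co_resident(covered, a, b):
    """Servers on which tenants a and b have both been placed."""
    return covered[a] & covered[b]

if __name__ == "__main__":
    for name, flag in (("round-robin", False), ("history-aware", True)):
        cov = place(REQUESTS, flag)
        print(name, "mallory covers", sorted(cov["mallory"]),
              "shared with alice:", sorted(co_resident(cov, "mallory", "alice")))
```

On this trace the baseline lets the probing tenant reach most of the pool and share a server with the victim, while the history-aware policy confines it to the servers it already occupies until they fill up.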
