A robust optimization approach to backup network design with random failures

This paper presents a scheme in which a dedicated backup network is designed to provide protection from random link failures. Upon a link failure in the primary network, traffic is rerouted through a preplanned path in the backup network. We introduce a novel approach for dealing with random link failures, in which probabilistic survivability guarantees are provided to limit capacity over-provisioning. We show that the optimal backup routing strategy in this respect depends on the reliability of the primary network. Specifically, as primary links become less likely to fail, the optimal backup networks employ more resource sharing amongst backup paths. We apply results from the field of robust optimization to formulate an ILP for the design and capacity provisioning of these backup networks. We then propose a simulated annealing heuristic to solve this problem for largescale networks, and present simulation results that verify our analysis and approach.National Science Foundation (U.S.) (grant CNS-0626781)National Science Foundation (U.S.) (grant CNS-0830961)United States. Defense Threat Reduction Agency (grant HDTRA1-07-1-0004)United States. Defense Threat Reduction Agency (grant HDTRA-09-1-005

SDN Testbed for Evaluation of Large Exo-Atmospheric EMP Attacks

Large-scale nuclear electromagnetic pulse (EMP) attacks and natural disasters can cause extensive network failures across wide geographic regions. Although operational networks are designed to handle most single or dual faults, recent efforts have also focused on more capable multi-failure disaster recovery schemes. Concurrently, advances in software-defined networking (SDN) technologies have delivered highly-adaptable frameworks for implementing new and improved service provisioning and recovery paradigms in real-world settings. Hence this study leverages these new innovations to develop a robust disaster recovery (counter-EMP) framework for large backbone networks. Detailed findings from an experimental testbed study are also presented

Survivable Cloud Networking Services

Cloud computing paradigms are seeing very strong traction today and are being propelled by advances in multi-core processor, storage, and high-bandwidth networking technologies. Now as this growth unfolds, there is a growing need to distribute cloud services over multiple data-center sites in order to improve speed, responsiveness, as well as reliability. Overall, this trend is pushing the need for virtual network (VN) embedding support at the underlying network layer. Moreover, as more and more mission-critical end-user applications move to the cloud, associated VN survivability concerns are also becoming a key requirement in order to guarantee user service level agreements. Overall, several different types of survivable VN embedding schemes have been developed in recent years. Broadly, these schemes offer resiliency guarantees by pre-provisioning backup resources at service setup time. However, most of these solutions are only geared towards handling isolated single link or single node failures. As such, these designs are largely ineffective against larger regional stressors that can result in multiple system failures. In particular, many cloud service providers are very concerned about catastrophic disaster events such as earthquakes, floods, hurricanes, cascading power outages, and even malicious weapons of mass destruction attacks. Hence there is a pressing need to develop more robust cloud recovery schemes for disaster recovery that leverage underlying distributed networking capabilities. In light of the above, this dissertation proposes a range of solutions to address cloud networking services recovery under multi-failure stressors. First, a novel failure region-disjoint VN protection scheme is proposed to achieve improved efficiency for pre-provisioned protection. Next, enhanced VN mapping schemes are studied with probabilistic considerations to minimize risk for VN requests under stochastic failure scenarios. Finally, novel post-fault VN restoration schemes are also developed to provide viable last-gap recovery mechanisms using partial and full VN remapping strategies. The performance of these various solutions is evaluated using discrete event simulation and is also compared to existing strategies

Stochastic model checking for predicting component failures and service availability

When a component fails in a critical communications service, how urgent is a repair? If we repair within 1 hour, 2 hours, or n hours, how does this affect the likelihood of service failure? Can a formal model support assessing the impact, prioritisation, and scheduling of repairs in the event of component failures, and forecasting of maintenance costs? These are some of the questions posed to us by a large organisation and here we report on our experience of developing a stochastic framework based on a discrete space model and temporal logic to answer them. We define and explore both standard steady-state and transient temporal logic properties concerning the likelihood of service failure within certain time bounds, forecasting maintenance costs, and we introduce a new concept of envelopes of behaviour that quantify the effect of the status of lower level components on service availability. The resulting model is highly parameterised and user interaction for experimentation is supported by a lightweight, web-based interface

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Network Survivability Analysis: Coarse-Graining And Graph-Theoretic Strategies

In this dissertation, the interplay between geographic information about the network and the principal properties and structure of the underlying graph are used to quantify the structural and functional survivability of the network. This work focuses on the local aspect of survivability by studying the propagation of loss in the network as a function of the distance of the fault from a given origin-destination node pair