Optimizing resource allocation for secure SDN-based virtual network migration

International audienceRecent evolutions in cloud infrastructures allowed service providers to tailor new services for demanding customers. Providing these services confronts the infrastructure providers with costs and constraints considerations. In particular, security constraints are a major concern for today's businesses as the leak of personal information would tarnish their reputation. Recent works provide examples on how an attacker may leverage the infrastructure's weaknesses to steal sensitive information from the users. Specifically, an attacker can leverage maintenance processes inside the infrastructure to conduct an attack. In this paper, we consider the migration of a virtual network as the maintenance process. Then we determine the optimal monitoring resources allocation in this context with a Markov Decision Process. This model takes into account the impact of monitoring the infrastructure, the migration process and finally how the attacker may chose particular targets in the infrastructure. We provide a working prototype implemented in Python

Multi-provider secure virtual network embedding

International audienceNetwork virtualization enables tenants to lease computing and networking resources from one or more infrastructure provider (InP), like in Infrastructure as a Service (IaaS). As such, tenants outsource their networks, fully or partially, to reduce their capital expenditure, while expecting to still provide the same quality of service to their customers. Yet, such services may rely on data considered as sensitive by tenants, tenants' customers or the law, which should be protected appropriately. Besides, personal data protection laws paired with the objective to offer an optimal customer experience may lead tenants to distribute their virtual networks over multiple InPs. Yet, the interconnection between different InPs should respect their security policies. In this paper, we aim to ease the adoption of network virtualization by guaranteeing both tenants and InPs that their security policies are all enforced when creating a virtual network. To this end, we present a Virtual Network Embedding solution in a multi-provider context, and how we leverage it in a use cas