A Service Function Chain Deployment Method Against Side Channel Attack

Peng YI, Jichao XIE, Zhen ZHANG, Yunjie GU, Dan ZHAO

Citation: Peng YI, Jichao XIE, Zhen ZHANG, Yunjie GU, Dan ZHAO. A Service Function Chain Deployment Method Against Side Channel Attack[J]. Journal of Electronics & Information Technology, 2019, 41(11): 2699-2707. doi: 10.11999/JEIT190127

doi: 10.11999/JEIT190127
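Funds: The National Science Foundation of China (61802429, 61872382, 61521003), The National Key R&D Program of China (2017YFB0803201, 2017YFB0803204)
Details
    Author biographies:

    Peng YI: male, born 1977, Ph.D., research fellow; research interest: cyberspace security

    Jichao XIE: male, born 1993, master's student; research interest: network security

    Zhen ZHANG: male, born 1985, Ph.D., lecturer; research interest: new network architectures

    Yunjie GU: male, born 1994, Ph.D. student; research interest: network function virtualization

    Dan ZHAO: female, born 1992, assistant engineer; research interest: next-generation information and communication networks

    Corresponding author:

    Jichao XIE 912104210329@njust.edu.cn

  • CLC number: TP393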

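  • Abstract: Side channel attacks are currently the main route of information leakage between tenants in cloud computing environments. Existing service function chain (SFC) deployment methods do not fully consider the side channel attacks that virtual network functions (VNFs) face in a multi-tenant environment, so this paper proposes an SFC deployment method that resists side channel attacks. It introduces a tenant classification strategy based on mean time and a deployment strategy that incorporates history information. Subject to the SFC resource constraints, it builds an optimization model whose objective is to minimize the number of servers a tenant can cover, and designs a deployment algorithm based on greedy selection. Experimental results show that, compared with other deployment methods, this method significantly raises the difficulty and cost for a malicious tenant to achieve co-residence and lowers the side channel attack risk that tenants face.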
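  • Fig. 2  Process by which a malicious tenant achieves co-residence

    Fig. 3  A malicious tenant carrying out a side channel attack

    Fig. 1  Schematic of service function chain deployment in a cloud environment

    Fig. 4  Trend in the number of covered servers

    Fig. 5  Number of SFCs requested to achieve co-residence

    Fig. 6  Probability of successfully achieving co-residence

    Fig. 7  Effect of MA on the number of covered servers

    Fig. 8  Effect of MA on the number of SFCs requested to achieve co-residence

    Fig. 9  Effect of MA on the co-residence probability

    Fig. 10  Mean cumulative resource rental time needed to achieve co-residence

    Fig. 11  Effect of MA on the mean cumulative resource rental time

    Fig. 12  Effect of the time parameter on the mean cumulative resource rental time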

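    Table 1  Deployment algorithm based on tenant classification and history information

     Input: service function chain request $r$
     Output: deployment scheme for request $r$
     (1) # Tenant classification
     (2) Compute the average running time $\mathrm{AVG}_\eta$ and determine the class XT of the tenant $\eta^r$ that issued the request;
     (3) From the classification result, determine the set of deployable servers $\bar N^{\mathrm{XT}}$ and the set of servers $\bar N_{\eta^r}^{\mathrm{XT}}$ that tenant $\eta^r$ already occupies in that region;
     (4) # VNF deployment
     (5) SFCdpsucc=0, nodedpsucc=0 # set the deployment success/failure flags;
     (6) For each $\mathrm{VNF}_i^r$ in $\psi^r$ # iterate over all m VNFs in the SFC request;
     (7)   From $\bar N^{\mathrm{XT}}$ and $\bar N_{\eta^r}^{\mathrm{XT}}$, select the sets of servers that support this VNF type and have enough remaining resources, $\bar N_{\mathrm{VNF}_i^r}^{\mathrm{XT}}$ and $\bar N_{\eta^r,\mathrm{VNF}_i^r}^{\mathrm{XT}}$;
     (8)   If $\bar N_{\eta^r,\mathrm{VNF}_i^r}^{\mathrm{XT}}$ is not empty, deploy $\mathrm{VNF}_i^r$ on the server node in it with the most remaining resources;
     (9)   If $\bar N_{\eta^r,\mathrm{VNF}_i^r}^{\mathrm{XT}}$ is empty, deploy $\mathrm{VNF}_i^r$ on the server node in $\bar N_{\mathrm{VNF}_i^r}^{\mathrm{XT}}$ with the most remaining resources;
     (10)   Record the server node $n_i^r$ on which $\mathrm{VNF}_i^r$ is deployed, and pre-update the remaining resources of node $n_i^r$ and $\bar N_{\eta^r}^{\mathrm{XT}}$;
     (11) If every VNF in $\psi^r$ has found a deployable server node;
     (12)   nodedpsucc=1, and update the remaining resources of the server nodes involved and $\bar N_{\eta^r}^{\mathrm{XT}}$.
     (13) # Virtual link deployment
     (14) linkdpsucc=0 # set the link deployment success/failure flag;
     (15) If nodedpsucc==1;
     (16)   For each $l_{i,i+1}^r$ in $L^r$ # iterate over all virtual links in the SFC request;
     (17)      Determine the set of available links $\bar L_{n_i^r,n_{i+1}^r}$ between nodes $n_i^r$ and $n_{i+1}^r$ that have enough remaining bandwidth;
     (18)      From it, select the set of links with the smallest deployment cost $B_{\mathrm{cost}}^r$ # several links of equal length may exist;
     (19)      From these, choose the link with the most remaining bandwidth;
     (20)      Record the link used, and pre-update the remaining link resources;
     (21)   If every virtual link in $L^r$ has found a deployable physical link;
     (22)      linkdpsucc=1, and update the remaining resources of the physical links involved;
     (23) If (nodedpsucc and linkdpsucc)==1;
     (24)   SFCdpsucc=1 # the SFC request is deployed successfully;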

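    Table 2  VNF resource demand coefficients

    | VNF type | NAT | Firewall | Proxy | IDS | UD_1 | UD_2 | UD_3 | UD_4 |
    |---|---|---|---|---|---|---|---|---|
    | Computing resource demand (per unit bandwidth) | 1 | 2 | 2 | 6 | 1 | 2 | 3 | 4 |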
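
The node-placement part of Table 1 (steps 2 to 12), as an added Python example that is not the authors' code. The two-class threshold rule, the class names `short`/`long` and the sample servers are assumptions, since the page does not state the classification rule; link deployment (steps 13 to 22) is omitted.

```python
# Added illustration of Table 1 steps (2)-(12); class names, threshold and data are assumptions.
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    zone: str        # tenant class (XT) this server is reserved for
    supports: set    # VNF types the server can host
    free: float      # remaining compute resource

@dataclass
class Tenant:
    run_times: list                              # running times of the tenant's past SFCs
    occupied: set = field(default_factory=set)   # history: servers already used

def classify(tenant, threshold=10.0):
    """Step (2): class XT from the mean running time AVG (assumed two-class threshold rule)."""
    avg = sum(tenant.run_times) / len(tenant.run_times) if tenant.run_times else 0.0
    return "long" if avg >= threshold else "short"

def place_sfc(tenant, vnfs, servers):
    """Steps (3)-(12). vnfs is a list of (vnf_type, demand). Returns server names, or None."""
    zone = classify(tenant)
    free = {s.name: s.free for s in servers}     # pre-update copy, committed only on success
    used, plan = set(tenant.occupied), []
    for vnf_type, demand in vnfs:
        fits = [s for s in servers
                if s.zone == zone and vnf_type in s.supports and free[s.name] >= demand]
        own = [s for s in fits if s.name in used]  # step (8): reuse the tenant's own servers
        pool = own or fits                         # step (9): otherwise any server in the zone
        if not pool:
            return None                            # nodedpsucc stays 0, nothing is committed
        best = max(pool, key=lambda s: free[s.name])
        free[best.name] -= demand                  # step (10): pre-update
        used.add(best.name)
        plan.append(best.name)
    for s in servers:                              # step (12): commit resources and history
        s.free = free[s.name]
    tenant.occupied = used
    return plan

def demo():
    """Constructed data: the tenant stays on s1 although s2 has more free resource."""
    servers = [Server("s1", "short", {"NAT", "Firewall"}, 10),
               Server("s2", "short", {"NAT", "Firewall"}, 8),
               Server("s3", "long", {"NAT", "Firewall"}, 20)]
    t = Tenant(run_times=[2.0, 3.0])
    first = place_sfc(t, [("NAT", 2), ("Firewall", 3)], servers)
    second = place_sfc(t, [("NAT", 4)], servers)
    return first, second, sorted(t.occupied)
```

In the constructed run the second request lands on `s1` (5 units free) rather than `s2` (8 units free), so the tenant's set of covered servers does not grow, which is the quantity the abstract's optimization model minimizes.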
Publication history
  • Received:  2019-03-01
  • Revised:  2019-06-11
  • Published online:  2019-06-20
  • Issue date:  2019-11-01
