Misconfiguration-Free Compositional SDN for Cloud Networks
文献类型:期刊论文
| 作者 | Pan, Heng1,6; Li, Zhenyu1,6; Zhang, Penghao2,6; Cui, Penglai2,6; Salamatian, Kave3,4; Xie, Gaogang5 |
| 刊名 | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
 |
| 出版日期 | 2023-05-01 |
| 卷号 | 20期号:3页码:2484-2499 |
| 关键词 | Law enforcement Cloud computing Programming Pattern matching Behavioral sciences Optimization Monitoring IaaS cloud networks misconfiguration checking policy management compositional SDN |
| ISSN号 | 1545-5971 |
| DOI | 10.1109/TDSC.2022.3185096 |
| 英文摘要 | Cloud computing provides a new paradigm to offer flexible IT infrastructures. In IaaS clouds, tenants deploy software-defined networking (SDN) policies to simplify network management and customize network behaviors. However, programming SDN networks is error-prone no matter using low-level APIs or high-level programming languages. Specifically, SDN policies may contain misconfigurations that do not break the pre-defined network invariants (e.g., black holes), but either degrade the deployment efficiency or mistakenly translate tenants intents. Prior studies for checking either traditional access control policies or network-wide invariants, are thus fail to detect these misconfigurations. To address this gap, this paper presents PMM, a misconfiguration checking tool for compositional SDN that works at the data plane of cloud networks. We first propose a new data structure, minimal interval set, to represent the match patterns of rulesets. This representation serves the basis for composition algebra construction and misconfiguration checking. We then propose the principles, algorithms and also optimisations for fast and accurate checking. We finally implement PMM in Covisor. Experiments with both real-world rulesets and synthetic rulesets show that PMM can detect misconfigurations of SDN policies in cloud networks within hundreds of milliseconds. |
| 资助项目 | National Key R&D Program of China[2019YFB1802800] ; Natural Science Foundation of China[62002344] ; Natural Science Foundation of China[61725206] ; EU Horizon2020 project MariCybERA[952360] |
| WOS研究方向 | Computer Science |
| 语种 | 英语 |
| WOS记录号 | WOS:000992398900048 |
| 出版者 | IEEE COMPUTER SOC |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/21219]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Li, Zhenyu |
| 作者单位 | 1.Purple Mt Labs, Nanjing 211111, Jiangsu, Peoples R China 2.Univ Chinese Acad Sci, Beijing 100049, Peoples R China 3.Tallinn Univ Technol, EE-12616 Tallinn, Estonia 4.Univ Savioe, F-73000 Chambery, France 5.Chinese Acad Sci, Comp Network Informat Ctr, Beijing 100190, Peoples R China 6.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China |
| 推荐引用方式 GB/T 7714 | Pan, Heng,Li, Zhenyu,Zhang, Penghao,et al. Misconfiguration-Free Compositional SDN for Cloud Networks[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2023,20(3):2484-2499. |
| APA | Pan, Heng,Li, Zhenyu,Zhang, Penghao,Cui, Penglai,Salamatian, Kave,&Xie, Gaogang.(2023).Misconfiguration-Free Compositional SDN for Cloud Networks.IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,20(3),2484-2499. |
| MLA | Pan, Heng,et al."Misconfiguration-Free Compositional SDN for Cloud Networks".IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 20.3(2023):2484-2499. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。