Skip to main content
SpringerLink
Log in

Security-SLA-guaranteed service function chain deployment in cloud-fog computing networks

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Network function virtualization (NFV) has gained prominence in next-generation cloud computing, such as the fog-based radio access network, due to their ability to support better QoS in network service provision. However, most of the current service function chain (SFC) deployment researches do not consider the Security-Service-Level-Agreement (SSLA) in the deployment solution. Therefore, in this work, we introduce the SSLA into SFC deployment to defend attacks. Firstly, we formulate the SSLA guaranteed SFC deployment problem by using linear programming. Then, we propose the Maximal-security SFC deployment algorithm (MS) to maximize the security of the SFC deployment. However, the MS algorithm results in a high deployment cost. To reduce the deployment cost, we propose the Minimal-cost and SSLA-guaranteed SFC deployment algorithm (MCSG) to minimize the deployment while satisfying the SSLA. In order to reduce the blocking ratio caused by MCSG, the Minimal-cost and SSLA-guaranteed SFC deployment algorithm with feedback adjustment (MCSG-FA) is proposed. Finally, we evaluate our proposed algorithms through simulations. The simulation results show that the blocking ratio and the deployment cost of our algorithms are better than that of the existing algorithm when meeting the SSLAs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Liao, D., Yulong, W., Ziyang, W., Zhu, Z., Zhang, W., Sun, G., Chang, V.: AI-based software-defined virtual network function scheduling with delay optimization. Clust. Comput. 22(6), 13879–13909 (2019)

    Google Scholar 

  2. Sun, G., Liao, D., Zhao, D., Zichuan, X., Hongfang, Yu.: Live migration for multiple correlated virtual machines in cloud-based data centers. IEEE Trans. Serv. Comput. 11(2), 279–291 (2018)

    Article  Google Scholar 

  3. Khairi, S., Raouyane, B., Bellafkih, M.: Novel QoE monitoring and management architecture with eTOM for SDN-based 5G networks. Clust. Comput. 23, 1–12 (2020)

    Article  Google Scholar 

  4. Sun, J., Zhang, Y., Liao, D., Sun, G., Chang, V.: AI-based survivable design for hybrid virtual networks for single regional failures in cloud data centers. Clust. Comput. 22(5), 12009–12019 (2019)

    Article  Google Scholar 

  5. Toosi, A.N., Son, J., Chi, Q., Buyya, R.: ElasticSFC: auto-scaling techniques for elastic service function chaining in network functions virtualization-based clouds. J. Syst. Softw. 152, 108–119 (2019)

    Article  Google Scholar 

  6. Zhao, D., Liao, D., Sun, G., Shizhong, X.: Towards resource-efficient service function chain deployment in cloud-fog computing. IEEE Access 6(1), 66754–66766 (2018)

    Article  Google Scholar 

  7. Zhao, D., Liao, D., Sun, G., Shizhong, X., Chang, V.: On orchestrating service function chains in 5G mobile network. IEEE Access 7(1), 39402–39416 (2019)

    Article  Google Scholar 

  8. Zhao, D., Liao, D., Sun, G., Shizhong, X., Chang, V.: Mobile-aware service function chain migration in cloud-fog computing. Future Gener. Comput. Syst. 96, 591–604 (2019)

    Article  Google Scholar 

  9. Van Lingen, F., Yannuzzi, M., Jain, A., Irons-Mclean, R., Lluch, O., Carrera, D., Pérez, J.L., Gutierrez, A., Montero, D., Martí, J., Masó, R., Rodríguez, J.P.: The unavoidable convergence of NFV, 5G, and fog: a model-driven approach to bridge cloud and edge. IEEE Commun. Mag. 55(8), 28–35 (2017)

    Article  Google Scholar 

  10. Pham, C., Tran, N.H., Ren, S., Saad, W., Hong, C.S.: Traffic-aware and energy-efficient vNF placement for service chaining: joint sampling and matching approach. IEEE Trans. Serv. Comput. 13(1), 172–185 (2020)

    Article  Google Scholar 

  11. Chiang, M., Ha, S., Chih-Lin, I., Risso, F., Zhang, T.: Clarifying fog computing and networking: 10 questions and answers. IEEE Commun. Mag. 55(4), 18–20 (2017)

    Article  Google Scholar 

  12. Jalali, F., Hinton, K., Ayre, R., Alpcan, T., Tucker, R.S.: Fog computing may help to save energy in cloud computing. IEEE J. Sel. Areas Commun. 34(5), 1728–1739 (2016)

    Article  Google Scholar 

  13. Vilalta, R., Mayoral, A., Casellas, R., Martínez, R., Muñoz, R.: Experimental demonstration of distributed multi-tenant cloud/fog and heterogeneous SDN/NFV orchestration for 5G services. In: European Conference on Networks & Communications, pp. 52–56 (2016)

  14. Firoozjaei, M.D., Jeong, J., Ko, H., Kim, H.: Security challenges with network functions virtualization. Future Gener. Comput. Syst. 67, 315–324 (2017)

    Article  Google Scholar 

  15. Jerry Schumacher, H.J., Lee, T., Ghosh, S.: A novel, user-level, security-on-demand paradigm for ATM networks: modeling, simulation, and performance analysis. J. Interconnect. Netw. 4(4), 429–461 (2003)

    Article  Google Scholar 

  16. Mthunz, S.N., Benkhelifa, E., Bosakowski, T., Guegan, C.G., Barhamgi, M.: Cloud computing security taxonomy: from an atomistic to a holistic view. Future Gener. Comput. Syst. 107, 620–644 (2020)

    Article  Google Scholar 

  17. Trapero, R., Modic, J., Stopar, M., Taha, A., Suri, N.: A novel approach to manage cloud security SLA incidents. Future Gener. Comput. Syst. 72, 193–205 (2017)

    Article  Google Scholar 

  18. Rottenstreich, O., Keslassy, I., Revah, Y., Kadosh, A.: Minimizing delay in network function virtualization with shared pipelines. IEEE Trans. Parallel Distrib. Syst. 28(1), 156–169 (2017)

    Article  Google Scholar 

  19. Long, Q., Assi, C., Shaban, K.: Delay-aware scheduling and resource optimization with network function virtualization. IEEE Trans. Commun. 64(9), 3746–3758 (2016)

    Article  Google Scholar 

  20. Sun, C., Bi, J., Zheng, Z., Hongxin, H.: HYPER: a hybrid high-performance framework for network function virtualization. IEEE J. Sel. Areas Commun. 35(11), 2490–2500 (2017)

    Article  Google Scholar 

  21. Eramo, V., Miucci, E., Ammar, M., Lavacca, F.G.: An approach for service function chain routing and virtual function network instance migration in network function virtualization architectures. IEEE/ACM Trans. Netw. 25(4), 2008–2025 (2017)

    Article  Google Scholar 

  22. Luizelli, M.C., da Costa Cordeiro, W.L., Buriol, L.S., Gaspary, L.P.: A fix-and-optimize approach for efficient and large scale virtual network function placement and chaining. Comput. Commun. 102, 67–77 (2017)

    Article  Google Scholar 

  23. Khebbache, S., Hadji, M., Zeghlache, D.: Virtualized network functions chaining and routing algorithms. Comput. Netw. 114, 95–110 (2017)

    Article  Google Scholar 

  24. Xiao, Y., Krunz, M.: QoE and power efficiency tradeoff for fog computing networks with fog node cooperation. In: IEEE INFOCOM, pp. 1–9 (2017)

  25. Sun, G., Song, L., Hongfang, Yu., Xiaojiang, D., Guizani, M.: A two-tier collection and processing scheme for fog-based mobile crowd sensing in the internet of vehicles. IEEE Internet Things J. 8(3), 1971–1984 (2021)

    Article  Google Scholar 

  26. Song, L., Sun, G., Hongfang, Yu., Xiaojiang, D., Guizani, M.: FBIA: a fog-based identity authentication scheme for privacy preservation in internet of vehicles. IEEE Trans. Veh. Technol. 69(5), 5403–5415 (2020)

    Article  Google Scholar 

  27. Sun, G., Zhang, Y., Hongfang, Yu., Xiaojiang, D., Guizani, M.: Intersection fog-based distributed routing for V2V communication in urban vehicular ad hoc networks. IEEE Trans. Intell. Transp. Syst. 21(6), 2409–2426 (2020)

    Article  Google Scholar 

  28. Pengfei, H., Ning, H., Qiu, T., Zhang, Y., Luo, X.: Fog computing based face identification and resolution scheme in internet of things. IEEE Trans. Ind. Inform. 13(4), 1910–1920 (2017)

    Article  Google Scholar 

  29. Liang, K., Zhao, L., Chu, X., Chen, H.-H.: An integrated architecture for software defined and virtualized radio access networks with fog computing. IEEE Netw. 31(1), 80–87 (2017)

    Article  Google Scholar 

  30. Iotti, N., Picone, M., Cirani, S., Ferrari, G.: Improving quality of experience in future wireless access networks through fog computing. IEEE Internet Comput. 21(2), 26–33 (2017)

    Article  Google Scholar 

  31. Yu, Z., Au, M.H., Xu, Q., Yang, R., Han, J.: Towards leakage-resilient fine-grained access control in fog computing. Future Gener. Comput. Syst. 78, 763–777 (2018)

    Article  Google Scholar 

  32. Park, S., Yoo, Y.: Network intelligence based on network state information for connected vehicles utilizing fog computing. Mob. Inf. Syst. 43(12), 1420–1427 (2017)

    Google Scholar 

  33. Sookhak, M., Richard Yu, F., He, Y., Talebian, H., Safa, N.S., Zhao, N., Khan, M.K., Kumar, N.: Fog vehicular computing: augmentation of fog computing using vehicular cloud computing. IEEE Veh. Technol. Mag. 12(3), 55–64 (2017)

    Article  Google Scholar 

  34. Vilalta, R., Mayoral, A., Casellas, R., Martínez, R., Muñoz, R.: SDN/NFV orchestration of multi-technology and multi-domain networks in cloud/fog architectures for 5G services. In: Optoelectronics & Communications Conference, pp. 1–3 (2016)

  35. Aljuhani, A., Alharbi, T.: Virtualized network functions security attacks and vulnerabilities. In: IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1–4 (2017)

  36. Fysarakis, K., Petroulakis, N.E., Roos, A., Abbasi, K., Vizarreta, P., Petropoulos, G., Spanoudakis, E.S.G., Askoxylakis, I.: A reactive security framework for operational wind parks using service function chaining. In: IEEE Symposium on Computers and Communications (ISCC), pp. 663–668 (2017)

  37. Rashidi, B., Fung, C., Bertino, E.: A collaborative DDoS defence framework using network function virtualization. IEEE Trans. Inf. Forensics Secur. 12(10), 2483–2497 (2017)

    Article  Google Scholar 

  38. Casazza, M., Fouilhoux, P., Bouet, M., Secci, S.: Securing Virtual Network Function Placement with High Availability Guarantees. arXiv, pp. 1–9 (2017)

  39. Shirazi, S.N., Gouglidis, A., Farshad, A., Hutchison, D.: The extended cloud: review and analysis of mobile edge computing and fog from a security and resilience perspective. IEEE J. Sel. Areas Commun. 35(11), 2586–2595 (2017)

    Article  Google Scholar 

  40. Roman, R., Lopez, J., Mambo, M.: Mobile edge computing, Fog et al.: a survey and analysis of security threats and challenges. Future Gener. Comput. Syst. 78, 680–698 (2018)

    Article  Google Scholar 

  41. Mukherjee, M., Matam, R., Shu, L., Maglaras, L., Ferrag, M.A., Choudhury, N., Kumar, V.: Security and privacy in fog computing: challenges. IEEE Access 5, 19293–19304 (2017)

    Article  Google Scholar 

  42. Liu, S., Cai, Z., Hong, X., Ming, X.: Towards security-aware virtual network embedding. Comput. Netw. 91, 151–163 (2015)

    Article  Google Scholar 

Download references

Acknowledgements

This research was partially supported by the National Key Research and Development Program of China (2019YFB1802800), PCL Future Greater-Bay Area Network Facilities for Large-scale Experiments and Applications (PCL2018KP001), VC Research (VCR 0000086) and VC Research (VCR 0000134) of Prof. Victor Chang.

Author information

Authors and Affiliations

  1. Key Lab of Optical Fiber Sensing and Communications (Ministry of Education), University of Electronic Science and Technology of China, Chengdu, China

    Dongcheng Zhao, Long Luo, Hongfang Yu & Gang Sun

  2. Peng Cheng Laboratory, Shenzhen, China

    Hongfang Yu

  3. School of Computing, Engineering and Digital Technologies, Teesside University, Middlesbrough, UK

    Victor Chang

  4. Cloud Computing and Distributed Systems (CLOUDS) Laboratory, School of Computing and Information Systems, The University of Melbourne, Parkville, Australia

    Rajkumar Buyya

  5. Agile and Intelligent Computing Key Laboratory of Sichuan Province, Chengdu, China

    Gang Sun

Authors
  1. Dongcheng Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Long Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hongfang Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Victor Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Rajkumar Buyya
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Gang Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gang Sun.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhao, D., Luo, L., Yu, H. et al. Security-SLA-guaranteed service function chain deployment in cloud-fog computing networks. Cluster Comput 24, 2479–2494 (2021). https://doi.org/10.1007/s10586-021-03278-4

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-021-03278-4

Keywords

Search

Navigation