Institute of Computing Technology, Chinese Academy IR
| Misconfiguration-Free Compositional SDN for Cloud Networks | |
| Pan, Heng1,2; Li, Zhenyu1,2; Zhang, Penghao1,3; Cui, Penglai1,3; Salamatian, Kave4,5; Xie, Gaogang6 | |
| 2023-05-01 | |
| 发表期刊 | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
 |
| ISSN | 1545-5971 |
| 卷号 | 20期号:3页码:2484-2499 |
| 摘要 | Cloud computing provides a new paradigm to offer flexible IT infrastructures. In IaaS clouds, tenants deploy software-defined networking (SDN) policies to simplify network management and customize network behaviors. However, programming SDN networks is error-prone no matter using low-level APIs or high-level programming languages. Specifically, SDN policies may contain misconfigurations that do not break the pre-defined network invariants (e.g., black holes), but either degrade the deployment efficiency or mistakenly translate tenants intents. Prior studies for checking either traditional access control policies or network-wide invariants, are thus fail to detect these misconfigurations. To address this gap, this paper presents PMM, a misconfiguration checking tool for compositional SDN that works at the data plane of cloud networks. We first propose a new data structure, minimal interval set, to represent the match patterns of rulesets. This representation serves the basis for composition algebra construction and misconfiguration checking. We then propose the principles, algorithms and also optimisations for fast and accurate checking. We finally implement PMM in Covisor. Experiments with both real-world rulesets and synthetic rulesets show that PMM can detect misconfigurations of SDN policies in cloud networks within hundreds of milliseconds. |
| 关键词 | Law enforcement Cloud computing Programming Pattern matching Behavioral sciences Optimization Monitoring IaaS cloud networks misconfiguration checking policy management compositional SDN |
| DOI | 10.1109/TDSC.2022.3185096 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Key R&D Program of China[2019YFB1802800] ; Natural Science Foundation of China[62002344] ; Natural Science Foundation of China[61725206] ; EU Horizon2020 project MariCybERA[952360] |
| WOS研究方向 | Computer Science |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Computer Science, Software Engineering |
| WOS记录号 | WOS:000992398900048 |
| 出版者 | IEEE COMPUTER SOC |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/21220 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Li, Zhenyu |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China 2.Purple Mt Labs, Nanjing 211111, Jiangsu, Peoples R China 3.Univ Chinese Acad Sci, Beijing 100049, Peoples R China 4.Tallinn Univ Technol, EE-12616 Tallinn, Estonia 5.Univ Savioe, F-73000 Chambery, France 6.Chinese Acad Sci, Comp Network Informat Ctr, Beijing 100190, Peoples R China |
| 推荐引用方式 GB/T 7714 | Pan, Heng,Li, Zhenyu,Zhang, Penghao,et al. Misconfiguration-Free Compositional SDN for Cloud Networks[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2023,20(3):2484-2499. |
| APA | Pan, Heng,Li, Zhenyu,Zhang, Penghao,Cui, Penglai,Salamatian, Kave,&Xie, Gaogang.(2023).Misconfiguration-Free Compositional SDN for Cloud Networks.IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,20(3),2484-2499. |
| MLA | Pan, Heng,et al."Misconfiguration-Free Compositional SDN for Cloud Networks".IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 20.3(2023):2484-2499. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论