Adversarial topology discovery in network virtualization environments: a threat for ISPs?

Yvonne Anne Pignolet; Stefan Schmid; Gilles Tredan

doi:10.1007/s00446-014-0217-4

Distributed Computing

April 2015, Volume 28, Issue 2, pp 91–109

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

Authors
Authors and affiliations

Yvonne Anne Pignolet
Stefan SchmidEmail author
Gilles Tredan

Article

First Online:: 23 April 2014

Received:: 23 April 2013
Accepted:: 09 April 2014

DOI: 10.1007/s00446-014-0217-4

Cite this article as:: Pignolet, Y.A., Schmid, S. & Tredan, G. Distrib. Comput. (2015) 28: 91. doi:10.1007/s00446-014-0217-4

2 Citations
181 Downloads

Abstract

Network virtualization is a new Internet paradigm which allows multiple virtual networks (VNets) to share the resources of a given physical infrastructure. The virtualization of entire networks is the natural next step after the virtualization of nodes and links. While the problem of how to embed a VNet (“guest network”) on a given resource network (“host network”) is algorithmically well-understood, much less is known about the security implications of this new technology. This paper introduces a new model to reason about one particular security threat: the leakage of information about the physical infrastructure—often a business secret. We initiate the study of this new problem and introduce the notion of request complexity which describes the number of VNet requests needed to fully disclose the substrate topology. We derive lower bounds and present algorithms achieving an asymptotically optimal request complexity for important graph classes such as trees, cactus graphs (complexity \(O(n)\)) as well as arbitrary graphs (complexity \(O(n^2)\)). Moreover, a general motif-based topology discovery framework is described which exploits the poset structure of the VNet embedding relation.

References

1.
Acharya, H., Gouda, M.: On the hardness of topology inference. In: Proceedings of ICDCN, pp. 251–262 (2011)
2.
Achlioptas, D., Clauset, A., Kempe, D., Moore, C.: On the bias of traceroute sampling: or, power-law degree distributions in regular graphs. In: Proceedings of 37th Annual ACM Symposium on Theory of Computing (STOC), pp. 694–703 (2005)
3.
Ambühl, C., Mastrolilli, M., Svensson, O.: Inapproximability results for maximum edge biclique, minimum linear arrangement, and sparsest cut. SIAM J. Comput. 40(2), 567–596 (2011)CrossRefMATHMathSciNetGoogle Scholar
4.
Anandkumar, A., Hassidim, A., Kelner, J.: Topology discovery of sparse random graphs with few participants. In: Proceedings of SIGMETRICS (2011)
5.
Bansal, N., Lee, K.-W., Nagarajan, V., Zafer, M.: Minimum congestion mapping in a cloud. In: Proceedings of 30th PODC, pp. 267–276 (2011)
6.
Caucal, D.: Deterministic graph grammars. In: Logic and Automata, pp. 169–250 (2008)
7.
Cheswick, B., Burch, H., Branigan, S.: Mapping and visualizing the internet. In: Proceedings of USENIX Annual Technical Conference (ATEC) (2000)
8.
Chowdhury, N.M.M.K., Boutaba, R.: A survey of network virtualization. Comput. Netw. 54(5), 862–876 (2010). doi:10.1016/j.comnet.2009.10.017 Google Scholar
9.
Cook, D.J., Holder, L.B.: Substructure discovery using minimum description length and background knowledge. J. Artif. Intell. Res. 1, 231–255 (1994)Google Scholar
10.
Díaz, J., Petit, J., Serna, M.: A survey of graph layout problems. ACM Comput. Surv. 34(3), 313–356 (2002)CrossRefGoogle Scholar
11.
Even, G., Medina, M., Schaffrath, G., Schmid, S.: Competitive and deterministic embeddings of virtual networks. In: Proceedings of ICDCN (2012)
12.
Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the internet topology. In: Proceedings of SIGCOMM, pp. 251–262 (1999)
13.
Fan, J., Ammar, M.H.: Dynamic topology configuration in service overlay networks: a study of reconfiguration policies. In: Proceedings of IEEE INFOCOM (2006)
14.
Fuerst, C., Schmid, S., Feldmann, A.: Virtual network embedding with collocation: benefits and limitations of pre-clustering. In: Proceedings of 2nd IEEE International Conference on Cloud Networking (CLOUDNET) (2013)
15.
Haider, A., Potter, R., Nakao, A.: Challenges in resource allocation in network virtualization. In: Proceedings of ITC Specialist Seminar on Network Virtualization (2009)
16.
Houidi, I., Louati, W., Zeghlache, D.: A distributed virtual network mapping algorithm. In: Proceedings of IEEE ICC (2008)
17.
Lakhina, A., Byers, J., Crovella, M., Xie, P.: Sampling biases in ip topology measurements. In: Proceedings of IEEE INFOCOM (2003)
18.
Lischka, J., Karl, H.: A virtual network mapping algorithm based on subgraph isomorphism detection. In: Proceedings of ACM SIGCOMM VISA (2009)
19.
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38, 69–74 (2008)CrossRefGoogle Scholar
20.
Pignolet, Y.A., Schmid, S., Tredan, G.: Brief announcement: Do vnet embeddings reveal isp topology? In: Proceedings of 26th International Symposium on Distributed Computing (DISC) (2012)
21.
Pignolet, Y.-A., Schmid, S., Tredan, G.: Adversarial VNet embeddings: a threat for ISPs? In: IEEE INFOCOM (2013)
22.
Pignolet, Y.A., Schmid, S., Tredan, G.: Request complexity of vnet topology extraction: dictionary-based attacks. In: International Conference on Networked Systems (NETYS) (2013)
23.
Pignolet, Y.A., Tredan, G., Schmid, S.: Misleading stars: what cannot be measured in the internet?. In: Proceedings of DISC (2011)
24.
Plotkin, J.M., Rosenthal, J.W.: How to obtain an asymptotic expansion of a sequence from an analytic identity satisfied by its generating function. J. Aust. Math. Soc. Ser. A (1994)
25.
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of 16th ACM CCS, pp. 199–212 (2009)
26.
Schaffrath, G., Schmid, S., Feldmann, A.: Optimizing long-lived cloudnets with migrations. In: Proceedings of IEEE/ACM UCC (2012)
27.
Schaffrath, G., Werle, C., Papadimitriou, P., Feldmann, A., Bless, R., Greenhalgh, A., Wundsam, A., Kind, M., Maennel, O., Mathy, L.: Network virtualization architecture: proposal and initial prototype. In: Proceedings of ACM SIGCOMM VISA (2009)
28.
Spring, N., Mahajan, R., Wetherall, D., Anderson, T.: Measuring isp topologies with rocketfuel. IEEE/ACM Trans. Netw. 12(1), 2–16 (2004)CrossRefGoogle Scholar
29.
Washio, T., Motoda, H.: State of the art of graph-based data mining. SIGKDD Explor. Newsl. 5, 59–68 (2003)CrossRefGoogle Scholar
30.
Yao, B., Viswanathan, R., Chang, F., Waddington, D.: Topology inference in the presence of anonymous routers. In: Proceedings of IEEE INFOCOM, pp. 353–363 (2003)
31.
Zhang, S., Qian, Z., Wu, J., Lu, S.: An opportunistic resource sharing and topology-aware mapping framework for virtual networks. In: Proceedings of IEEE INFOCOM (2012)

Copyright information

Authors and Affiliations

Yvonne Anne Pignolet
- 1
Stefan Schmid
- 2
Email author
Gilles Tredan
- 3

1.ABB Corporate ResearchDättwilSwitzerland
2.Telekom Innovation Laboratories and TU BerlinBerlinGermany
3.LAAS-CNRSToulouseFrance

Personalised recommendations

Actions

Unlimited access to the full article
Instant download
Include local sales tax if applicable

Subscribe to Journal

Get Access to

Distributed Computing

for the whole of 2017

Adversarial topology discovery in network virtualization environments: a threat for ISPs?

Abstract

Copyright information

Authors and Affiliations

Personalised recommendations

Cookies