Modeling Security Requirements for VNE Algorithms: A Practical Approach

  • Ramona Kühn
  • Andreas Fischer
  • Hermann de MeerEmail author
Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)


Both individuals and organizations appreciate the deployment of elastic virtual computing resources on demand in public and private Infrastructure as a Service (IaaS) clouds. Virtual Network Embedding (VNE) algorithms provide the automated and efficient resource assignment necessary for this use case. With the increase of participating parties, the relevance of security-aware Virtual Machine (VM) placement for production environments is increased, too. The problem is extended to networks when VNE algorithms consider security requirements of the interconnection between VM. This chapter presents a solution for realizing how security requirements of Virtual Network (VN) can be implemented in the VNE and how they can be mapped in the physical network. The chapter provides an implementation of this security-aware VNE model in ALEVIN—an open source simulation platform. This shows that the model is applicable with a realistic use case and allows to evaluate the embedding.


  1. 1.
    E. Amaldi, S. Coniglio, A.M. Koster, M. Tieves, On the computational complexity of the virtual network embedding problem. Electron Notes Discrete Math. 52, 213–220 (2016). {INOC} 2015 7th International Network Optimization ConferenceMathSciNetCrossRefGoogle Scholar
  2. 2.
    L.R. Bays, R.R. Oliveira, L.S. Buriol, M.P. Barcellos, L.P. Gaspary, Security-aware optimal resource allocation for virtual network embedding, in Proceedings of the 8th International Conference on Network and Service Management, CNSM ’12 (International Federation for Information Processing, Laxenburg, 2013), pp. 378–384Google Scholar
  3. 3.
    L.R. Bays, R.R. Oliveira, M.P. Barcellos, L.P. Gaspary, E.R. Mauro Madeira, Virtual network security: threats, countermeasures, and challenges. J. Internet Serv. Appl. 6(1), 1 (2015)Google Scholar
  4. 4.
    M.T. Beck, A. Fischer, F. Kokot, C. Linnhoff-Popien, H. De Meer, A simulation framework for virtual network embedding algorithms, in 6th International Telecommunications Network Strategy and Planning Symposium (Networks 2014) (IEEE, New York, 2014), pp. 1–6Google Scholar
  5. 5.
    S. Berger, R. Cáceres, K.A. Goldman, R. Perez, R. Sailer, L. van Doorn, vtpm: kirtualizing the trusted platform module, in Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, Berkeley, 2006Google Scholar
  6. 6.
    N. Chowdhury, M. Rahman, R. Boutaba, Virtual network embedding with coordinated node and link mapping, in IEEE INFOCOM 2009 (2009), pp. 783–791Google Scholar
  7. 7.
    M. Chowdhury, M. Rahman, R. Boutaba, Vineyard: virtual network embedding algorithms with coordinated node and link mapping. IEEE/ACM Trans. Networking 20(1), 206–219 (2012)CrossRefGoogle Scholar
  8. 8.
    B. Doll, D. Emmerich, R. Herkenhöner, R. Kühn, H. de Meer, On Location-Determined Cloud Management for Legally Compliant Outsourcing (Springer Fachmedien Wiesbaden, Wiesbaden, 2015), pp. 61–73CrossRefGoogle Scholar
  9. 9.
    A. Fischer, H. De Meer, Position paper: secure virtual network embedding. Praxis der Informationsverarbeitung und Kommunikation 34(4), 190–193 (2011)Google Scholar
  10. 10.
    A. Fischer, J.F. Botero, M. Duelli, D. Schlosser, X. Hesselbach, H. De Meer, ALEVIN - a framework to develop, compare, and analyze virtual network embedding algorithms. Electron. Commun. EASST 37, 1–12 (2011)Google Scholar
  11. 11.
    A. Fischer, J.F. Botero, M.T. Beck, H. De Meer, X. Hesselbach, Virtual network embedding: a survey. IEEE Commun. Surv. Tutorials 15(4), 1888–1906 (2013)CrossRefGoogle Scholar
  12. 12.
    J. Lischka, H. Karl, A virtual network mapping algorithm based on subgraph isomorphism detection, in VISA ’09: Proceedings of the 1st ACM Workshop on Virtualized Infrastructure Systems and Architectures (ACM, New York, 2009), pp. 81–88Google Scholar
  13. 13.
    S. Liu, Z. Cai, H. Xu, M. Xu, Security-aware virtual network embedding, in 2014 IEEE International Conference on Communications (ICC) (2014), pp. 834–840Google Scholar
  14. 14.
    S. Liu, Z. Cai, H. Xu, M. Xu, Towards security-aware virtual network embedding. Comput. Netw. 91, 151–163 (2015)CrossRefGoogle Scholar
  15. 15.
    C. Papagianni, A. Leivadeas, S. Papavassiliou, V. Maglaris, C. Cervello-Pastor, A. Monje, On the optimal allocation of virtual resources in cloud computing networks. IEEE Trans. Comput. 62(6), 1060–1071 (2013)MathSciNetCrossRefGoogle Scholar
  16. 16.
    M. Yu, Y. Yi, J. Rexford, M. Chiang, Rethinking virtual network embedding: substrate support for path splitting and migration. SIGCOMM Comput. Commun. Rev. 38(2), 17–29 (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Ramona Kühn
    • 1
  • Andreas Fischer
    • 2
  • Hermann de Meer
    • 1
    Email author
  1. 1.University of PassauPassauGermany
  2. 2.Deggendorf Institute of Technology, Faculty of Electrical EngineeringMedia Technology and Computer ScienceDeggendorfGermany

Personalised recommendations