“Secure and Dependable Multi-Cloud Network Virtualization”
in 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures (XDOM0), Apr. 2017.
Abstract: Traditional forms of network virtualization lack the scalability and flexibility required in modern cloud infrastructures. The recent paradigm shift in networking that promotes the logical centralization of control has given operators the necessary tools for virtualization of network resources at the required scale. The effectiveness of recently proposed network virtualization solutions is enabling cloud providers to extend their service offering of compute and storage with network virtualization. These multi-tenant platforms have so far focused on the offer of conventional networking services by a single cloud provider. As such, they face limitations in terms of security and dependability, both in terms of the infrastructure itself and of the services offered to its customers. To address these challenges, we present Sirius, a network virtualization platform for multi-cloud environments. Contrary to existing solutions, Sirius considers not only connectivity and performance, but also security and dependability as first-class citizens. Many of the benefits arise from leveraging a substrate infrastructure composed of both public clouds and private data centers. Sirius improves over existing solutions by allowing users to specify security and dependability requirements for all virtual resources, and guaranteeing their fulfillment. In this paper we present the design of Sirius and the current state of its implementation. Our evaluation on a substrate that includes both private and public clouds shows the feasibility of the solution and gives insights on some of the important challenges to address in the future.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)