抗侧信道攻击的服务功能链部署方法  被引量:1

A Service Function Chain Deployment Method Against Side Channel Attack

在线阅读下载全文

作  者:伊鹏[1] 谢记超 张震[1] 谷允捷 赵丹[1] YI Peng;XIE Jichao;ZHANG Zhen;GU Yunjie;ZHAO Dan(National Digital Switching System Engineering&Technological Research Center,Zhengzhou 450002,China)

机构地区:[1]国家数字交换系统工程技术研究中心

出  处:《电子与信息学报》2019年第11期2699-2707,共9页Journal of Electronics & Information Technology

基  金:国家自然科学基金(61802429,61872382,61521003);国家重点研发计划(2017YFB0803201,2017YFB0803204)~~

摘  要:侧信道攻击是当前云计算环境下多租户间信息泄露的主要途径,针对现有服务功能链(SFC)部署方法未充分考虑多租户环境下虚拟网络功能(VNF)面临的侧信道攻击问题,该文提出一种抗侧信道攻击的服务功能链部署方法。引入基于时间均值的租户分类策略以及结合历史信息的部署策略,在满足服务功能链资源约束条件下,以最小化租户所能覆盖的服务器数量为目标建立相应的优化模型,并设计了基于贪婪选择的部署算法。实验结果表明,与其他部署方法相比,该方法显著提高了恶意租户实现共存的难度与代价,降低了租户面临的侧信道攻击风险。Side channel attack is the primary way to leak information between tenants in current cloud computing environment.However,existing Service Function Chain(SFC)deployment methods do not fully consider the side channel attack problem faced by the Virtual Network Function(VNF)in the multi-tenant environment.A SFC deployment method is proposed against side channel attack.A tenant classification strategy based on average time and a deployment strategy considering historical information are introduced.Under the resource constraints of the SFC,the optimization model is established with the goal of minimizing the number of servers that the tenant can cover.And a deployment algorithm is designed based on the greedy choice.The experimental results show that,compared with other deployment methods,this method can significantly improve the difficulty and cost of malicious tenant to realize co-residence,and reduces the risk of side channel attack faced by tenants.

关 键 词:侧信道攻击 服务功能链 部署方法 租户分类 历史部署信息 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象