Title
Designing and Assessing Multi-tenant Isolation Strategies for Cloud Networks
Abstract
Network virtualization is a key enabler for cloud computing and its economic benefits. However, many security challenges arise when mutually untrusted tenants are co-located in the same virtualized network infrastructure. To address such issues, multi-tenant environments commonly employ isolation mechanisms to prevent interferences among different tenants' network behavior. Even though the need for multi-tenant network isolation is widely accepted, and most cloud systems do employ network virtualization technologies to address this need, it is not always clear what exactly is isolated in each approach and, consequently, the level of security obtained in each case. Aiming to address this matter, in this article we describe three complementary strategies for addressing multi-tenant isolation in cloud networks, classified according to the type of tenant network resource being isolated, namely: data paths, software resources and hardware resources. These three strategies are then applied in the evaluation of existing network virtualization architectures, showing that most of them focus only on data path isolation. We then propose a more holistic design, based on the concept of “tenant network domains”, which combines the aforementioned isolation strategies to create a more secure network virtualization architecture.
Year
2019
DOI
10.1109/ICIN.2019.8685898
Venue
2019 22nd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)
Keywords
cloud networks,cloud computing,economic benefits,security challenges,mutually untrusted tenants,virtualized network infrastructure,multitenant environments,isolation mechanisms,multitenant network isolation,cloud systems,network virtualization technologies,complementary strategies,multitenant isolation,tenant network resource,software resources,hardware resources,network virtualization architectures,data path isolation,aforementioned isolation strategies,secure network virtualization architecture
Field
Architecture,Enabling,Data path,Computer science,Network isolation,Software,Network virtualization,Network behavior,Cloud computing,Distributed computing
DocType
Conference
ISSN
2162-3414
ISBN
978-1-5386-8337-8
Citations
0
PageRank
0.34
References
0
Authors
3
Name | Order | Citations | PageRank
Bruno Medeiros | 1 | 0 | 0.34
Marcos A. Simplício, Jr. | 2 | 158 | 15.04
Ewerton R. Andrade | 3 | 29 | 4.02