In this paper, we propose VMGuard, a state-based proactive approach for efficiently verifying large-scale virtual infrastructures in cloud and NFV against network isolation policies. Our key idea is to proactively trigger the verification based on predicted events and their simulated impact upon the current state, such that we can have the best of both worlds, i.e., the efficiency of a proactive approach and the effectiveness of state-based verification. We implement and evaluate VMGuard based on OpenStack, and our experiments with both real and synthetic data demonstrate the performance and efficiency, e.g., less than five milliseconds to perform incremental verification on a dataset with more than 25,000 VMs and less than two milliseconds with the proactive module enabled.
Full abstract available in IEEEXplore DOI:10.1109/TDSC.2020.3041430
Gagandeep Singh Chawla, Suryadipta Majumdar, Lingyu Wang, and Mourad Debbabi, Concordia University
Mengyuan Zhang, Yosr Jarraya, and Makan Pourzandi, Ericsson Research
Published in: IEEE Transactions on Dependable and Secure Computing, Volume: 18, Issue: 4, July-Aug. 1 2021.
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse.