Security-Aware Service Function Chaining and Embedding With Asymmetric Dedicated Protection

Abstract

In the 5G and beyond 5G networks, achieving security-aware data transmission needs to convert clients ' requests into a service function chain (SFC), each service function (SF) providing a certain security guarantee. With diverse configuration techniques, an SF may own multiple versions, each version providing various security guarantees with diverse costs. It should be notice that, as the recent software failures have caused severe financial loss, great attentions from both academia and industry have been put onto the SFC reliability. In the literature, existing works have solely investigated the following two fields: 1) how to deploy a security-aware SFC, and 2) how to protect a traditional SFC. Simply applying these techniques to dealing with the problem of security-aware SFC protection might not be efficient as the backup and primary SFCs may not be identical for security-aware SFCs. Therefore, how to jointly take these fields into account is challenging and remains open. To tackle the above problem, this paper studies how to construct and embed a security-aware SFC with asymmetric dedicated protection. We mathematically define this problem and name it security-aware service function chaining, embedding, and protection with multi-versioned SFs (SFCEP-MF) with the objective of cost optimization. Next, to optimize the SFCEP-MF problem, we construct an efficient algorithm, called augmenting-path with primary-first disjoint SFP identifier (APPF-DSI). Extensive simulation results show that the APPF-DSI algorithm outperforms the benchmark approaches that are directly extended from the state-of-the-art.