TY - GEN
T1 - Monitorability bounds via expander, sparsifier and random walks: the interplay between on-demand monitoring and anonymity (Extended abstract)
AU - Dolev, Shlomi
AU - Khankin, Daniel
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017/1/1
Y1 - 2017/1/1
N2 - Software-defined networking (SDN), network functions virtualization (NFV) and network virtualization (NV) build a mini-cosmos inside data centers, cloud providers, and enterprises. Network virtualization allows new on-demand management capabilities; in this work we demonstrate such a service, namely, on-demand efficient monitoring or anonymity. The proposed service is based on network virtualization of expanders or sparsifiers over the physical network. The defined virtual (or overlay) communication graphs, coupled with a multi-hop extension of Valiant randomization-based routing, let us monitor the entire traffic in the network with very few monitoring nodes. In particular, we show that using an overlay network with expansion properties and Valiant randomized load balancing, it is enough to place O(m) monitor nodes when the length of the overlay path (number of intermediate nodes chosen by Valiant’s routing procedure) is O(n/m). We propose two randomized routing methods to implement policies for sending messages, and we show that they facilitate efficient monitoring of the entire traffic, such that the traffic is distributed uniformly in the network and each monitor has an equiprobable view of the network flow. In terms of complex networks, our result can be interpreted as a way to enforce the same betweenness centrality on all nodes in the network. Additionally, we show that our results are useful in employing anonymity services. Thus, we propose monitoring or anonymity services which can be deployed and shut down on demand. Our work is the first, as far as we know, to bring such on-demand infrastructure structuring using the cloud NV capability to existing monitoring or anonymity networks. We propose methods that theoretically improve services provided by existing anonymity networks and optimize the degree of anonymity, in addition to providing robustness and reliability to system usage and security.
Finally, we believe that our constructions of overlay expander and sparsifier weighted networks, which use several random walk trees, are of independent interest.
KW - Anonymity
KW - Expander
KW - Monitoring
KW - NFV
KW - NaaS
KW - Network
KW - On-demand
KW - SDN
UR - http://www.scopus.com/inward/record.url?scp=85019744030&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-59647-1_23
DO - 10.1007/978-3-319-59647-1_23
M3 - Conference contribution
AN - SCOPUS:85019744030
SN - 9783319596464
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 307
EP - 321
BT - Networked Systems - 5th International Conference, NETYS 2017, Proceedings
A2 - El Abbadi, Amr
A2 - Garbinato, Benoit
PB - Springer Verlag
T2 - 5th International Conference on Networked Systems, NETYS 2017
Y2 - 17 May 2017 through 19 May 2017
ER -