Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences:...
Transcript of Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences:...
![Page 1: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/1.jpg)
Adversarial VNet Embeddings: A Threat for ISPs?
Yvonne-Anne Pignolet, Gilles Tredan, Stefan Schmid April, 2013
![Page 2: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/2.jpg)
2 Telekom Innovation Laboratories Stefan Schmid
CloudNets = Virtual Networking Cloud Resources
Success of Node Virtualization
a.k.a. end-host virtualization VMWare revamped server business OpenStack VM = flexible allocation, migration.. «Elastic computing»
Trend of Link Virtualization
MPLS, VPN networks, VLANs Software Defined Networks
(SDN), OpenFlow, ... «The VMWare of the net» «Elastic networking»
Unified, fully virtualized networks: CloudNets „Combine networking with heterougeneous cloud resources (e.g., storage, CPU, ...)!“
![Page 3: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/3.jpg)
3 Telekom Innovation Laboratories Stefan Schmid
The Vision: Sharing Resources.
![Page 4: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/4.jpg)
4 Telekom Innovation Laboratories Stefan Schmid
The Vision: Flexible CloudNets.
Physical infrastructure
(e.g., accessed by mobile clients)
Specification:
1. close to mobile clients
2. >100 kbit/s bandwidth for synchronization
Provider 1
Provider 2
CloudNet requests
CloudNet 2: Mobile service w/ QoS CloudNet 1: Computation
Specification:
1. > 1 GFLOPS per node
2. Monday 3pm-5pm
3. multi provider ok
![Page 5: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/5.jpg)
5 Telekom Innovation Laboratories Stefan Schmid
The Vision: Flexible CloudNets.
Physical infrastructure
(e.g., accessed by mobile clients)
Specification:
1. close to mobile clients
2. >100 kbit/s bandwidth for synchronization
Provider 1
Provider 2
CloudNet requests
CloudNet 2: Mobile service w/ QoS CloudNet 1: Computation
Specification:
1. > 1 GFLOPS per node
2. Monday 3pm-5pm
3. multi provider ok
![Page 6: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/6.jpg)
6 Telekom Innovation Laboratories Stefan Schmid
Embedding: From Service Provider via Broker to Infrastructure Provider.
API
API
API
Roles in CloudNet Arch.
Service Provider (SP)
(offers services over the top)
Virtual Network Operator (VNO)
(operates CloudNet, Layer 3+, triggers migration)
Physical Infrastructure Provider (PIP)
(resource and bit pipe provider)
Virtual Network Provider (VNP)
(resource broker, compiles resources)
Embed!
Embed!
Embed!
![Page 7: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/7.jpg)
7 Telekom Innovation Laboratories Stefan Schmid
Security Issues.
Are CloudNet embeddings a threat for ISPs?
Do embeddings leak information about infrastructure?
?
![Page 8: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/8.jpg)
8 Telekom Innovation Laboratories Stefan Schmid
Request Complexity.
Are CloudNet embeddings a threat for ISPs?
How many embeddings needed to fully reveal topology?
Request Complexity
?
?
?
Yes
Yes
No
![Page 9: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/9.jpg)
9 Telekom Innovation Laboratories Stefan Schmid
Embedding Model.
unit capacity
unit capacity
arbitrary node demand arbitrary link
demand
![Page 10: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/10.jpg)
10 Telekom Innovation Laboratories Stefan Schmid
Embedding Model.
unit capacity
unit capacity
arbitrary node demand arbitrary link
demand
relay cost ε>0 (e.g., packet rate)
![Page 11: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/11.jpg)
11 Telekom Innovation Laboratories Stefan Schmid
Embedding Model.
unit capacity
unit capacity
arbitrary node demand arbitrary link
demand
relay cost ε>0 (e.g., packet rate) We will ask for unit capacities on
nodes and links! Essentially a graph immersion problem: disjoint paths for virtual links...
![Page 12: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/12.jpg)
12 Telekom Innovation Laboratories Stefan Schmid
Some Properties Simple...
«Is the network 2-connected?»
?
No
![Page 13: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/13.jpg)
13 Telekom Innovation Laboratories Stefan Schmid
Example: Tree
How to discover a tree? (Too) naive idea: 1. Test whether triangle fits? (loop-free) 2. Try to add neighbors to node until it works
![Page 14: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/14.jpg)
14 Telekom Innovation Laboratories Stefan Schmid
Example: Tree
How to discover a tree? Naive idea: 1. Test whether triangle fits? (loop-free) 2. Try to add neighbors to node as long as possible, then continue with other node (degree strategy)
Problem: virtual links may be embedded over multiple physical links! Can still extend v, but will miss nodes along the way!
v
![Page 15: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/15.jpg)
15 Telekom Innovation Laboratories Stefan Schmid
Solution: Tree
TREE ALGORITHM: line strategy 1. Binary search on longest path («anchor»):
...
2. Last and first node explored, explore «branches» at pending nodes
Analysis: Amortized analysis on links.
Then:
![Page 16: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/16.jpg)
16 Telekom Innovation Laboratories Stefan Schmid
Be Careful with Embedding Relation!
Example: - A cannot be embedded into B - B cannot be embedded into A - But A can be embedded into BB!
A B BB
1
2
5
3
4 6 7 1
2
5
3
4
6
7
![Page 17: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/17.jpg)
17 Telekom Innovation Laboratories Stefan Schmid
Overview of Results.
PIP 3 Tree Can be explored in O(n)
requests. This is optimal!
PIP 3 General Graph Can be explored in O(n2)
requests. This is optimal!
Cactus Graph Can be explored in O(n)
requests. This is optimal!
Lower bound: via number of possible trees and binary information.
Idea: Make spanning tree and then try all edges. (Edges directly does not work!)
Via «graph motifs»! A general framework exploiting poset relation.
![Page 18: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/18.jpg)
18 Telekom Innovation Laboratories Stefan Schmid
Overview of Results.
PIP 3 Tree Can be explored in O(n)
requests. This is optimal!
PIP 3 General Graph Can be explored in O(n2)
requests. This is optimal!
Cactus Graph Can be explored in O(n)
requests. This is optimal!
Lower bound: via number of possible trees and binary information.
Idea: Make spanning tree and then try all edges. (Edges directly does not work!)
Via «graph motifs»! A general framework exploiting poset relation.
![Page 19: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/19.jpg)
19 Telekom Innovation Laboratories Stefan Schmid
Overview of Results.
PIP 3 Tree Can be explored in O(n)
requests. This is optimal!
PIP 3 General Graph Can be explored in O(n^2)
requests. This is optimal!
Cactus Graph Can be explored in O(n)
requests. This is optimal!
Lower bound: via number of possible trees and binary information.
Idea: Make spanning tree and then try all edges. (Edges directly does not work!)
Via «graph motifs»! A general framework exploiting poset relation.
![Page 20: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/20.jpg)
20 Telekom Innovation Laboratories Stefan Schmid
General Recipe: Expand Request! 1. Find «knitting»: - increasing connectivity too late comes at high cost! - so first find graph structure of connected «motifs» - motif = 2-connected components
2. Expand knitting - add nodes along virtual edges
![Page 21: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/21.jpg)
21 Telekom Innovation Laboratories Stefan Schmid
General Recipe. 1. Find «knitting»: - increasing connectivity too late comes at high cost! - so first find graph structure of connected «motifs» - motif = 2-connected components
2. Expand knitting - add nodes along virtual edges
![Page 22: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/22.jpg)
22 Telekom Innovation Laboratories Stefan Schmid
General Recipe. 1. Find «knitting»: - increasing connectivity too late comes at high cost! - so first find graph structure of connected «motifs» - motif = 2-connected components
2. Expand knitting - greedily add nodes along virtual edges
![Page 23: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/23.jpg)
23 Telekom Innovation Laboratories Stefan Schmid
Dictionary Attack: Expansion Framework.
Examples Tree motifs: Cactus motifs:
Basic “knittings” of the graph.
Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology. (E.g., by embedding links across multiple hops.)
Dictionary
Partially ordered set: embedding relation fulfills reflexivity, anti-symmetry, transitivity.
Poset
Framework
Explore branches according
to dictionary order,
exploiting poset property.
![Page 24: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/24.jpg)
24 Telekom Innovation Laboratories Stefan Schmid
Dictionary Attacks: Expand Framework.
Examples Tree motifs: Cactus motifs:
Basic “knittings” of the graph.
Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology. (E.g., by embedding links across multiple hops.)
Dictionary
Partially ordered set: embedding relation fulfills reflexivity, anti-symmetry, transitivity.
Poset
Framework
Explore branches according
to dictionary order,
exploiting poset property.
![Page 25: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/25.jpg)
25 Telekom Innovation Laboratories Stefan Schmid
Example: Dictionary as a DAG.
Dictionary is a directed acyclic graph: defines which motifs to ask first! (Ensure: no important part overlooked!) Graph b) can be derived from dictionary a)!
![Page 26: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/26.jpg)
26 Telekom Innovation Laboratories Stefan Schmid
Example: Dictionary as a DAG.
Dictionary is a directed acyclic graph: defines which motifs to ask first! (Ensure: no important part overlooked!) Graph b) can be derived from dictionary a)!
Request complexity depends on depth! (E.g., number of motifs?)
![Page 27: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/27.jpg)
27 Telekom Innovation Laboratories Stefan Schmid
Evaluation: Request Complexity in Real Graphs.
A small set of motifs is often sufficient to discover all or most of a topology! (Size of dictionary influences request complexity…) E.g., motifs for autonomous system AS 1239 (Sprint) from Rocketfuel:
![Page 28: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/28.jpg)
28 Telekom Innovation Laboratories Stefan Schmid
Conclusion.
- CloudNets:
- Elastic computing and networking
- Federated architecture: embeddings
- New security challenges
- With binary replies, graphs can not be exploited very efficiently (at least linear time)
- A first look at topology!
![Page 29: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/29.jpg)
29 Telekom Innovation Laboratories Stefan Schmid
The Project Website.
![Page 30: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/30.jpg)
30 Telekom Innovation Laboratories Stefan Schmid
Collaborators and Publications. People
T-Labs / TU Berlin: Anja Feldmann, Carlo Fürst, Johannes Grassler, Arne Ludwig, Matthias Rost, Gregor Schaffrath, Stefan Schmid
Uni Wroclaw: Marcin Bienkowski Uni Tel Aviv: Guy Even, Moti Medina NTT DoCoMo Eurolabs: Group around Wolfgang Kellerer LAAS: Gilles Tredan ABB: Yvonne Anne Pignolet IBM Research: Johannes Schneider Arizona State Uni: Xinhui Hu, Andrea Richa
Publications
Prototype: J. Information Technology 2013, ICCCN 2012, ERCIM News 2012, SIGCOMM VISA 2009
Migration: ToN 2013, INFOCOM 2013, ICDCN 2013 + Elsevier TCS Journal, Hot-ICE 2011, IPTComm 2011, SIGCOMM VISA 2010
Embedding: INFOCOM 2013 (Mini-Conference), CLOUDNETS 2012, 2 x ACM UCC 2012, DISC 2012, ICDCN 2012 (Best Paper Distributed Computing Track)
![Page 31: Adversarial VNet Embeddings: A Threat for ISPs? · Motif Define an order on motif sequences: Constraints on which sequence to ask first in order not to overlook a part of the topology.](https://reader035.fdocuments.in/reader035/viewer/2022063011/5fc5b017e73b0a46fe0e8c36/html5/thumbnails/31.jpg)
31 Telekom Innovation Laboratories Stefan Schmid
Dr. Stefan Schmid
Telekom Innovation Laboratories Ernst-Reuter-Platz 7, D-10587 Berlin E-mail: [email protected]
Project website: http://www.net.t-labs.tu-
berlin.de/~stefan/virtu.shtml
Contact.