Modern network virtualization platforms enable users to specify custom topologies and arbitrary addressing schemes for their virtual networks. These platforms have, however, been targeting the data center of a single provider, which is insufficient to support (critical) applications that need to be deployed across multiple trust domains, while enforcing diverse security requirements. This paper addresses this limitation by presenting a novel solution for the central resource allocation problem of network virtualization – the virtual network embedding, which aims to find efficient mappings of virtual network requests onto the substrate network. We improve over the state-of-the-art by considering security as a first-class citizen of virtual networks, while enhancing the substrate infrastructure with resources from multiple cloud providers. Our solution enables the definition of flexible policies in three core elements: on the virtual links, where alternative security compromises can be explored (e.g., encryption); on the virtual switches, supporting various degrees of protection and redundancy if necessary; and on the substrate infrastructure, extending it across multiple clouds, including public and private facilities, with their inherently diverse trust levels associated. We propose an optimal solution to this problem formulated as a Mixed Integer Linear Program (MILP). The results of our evaluation give insight into the trade-offs associated with the inclusion of security demands into network virtualization. In particular, they provide evidence that enhancing the user’s virtual networks with security does not preclude high acceptance rates and an efficient use of resources, and allows providers to increase their revenues.

现代网络虚拟化平台使用户能够为其虚拟网络指定自定义拓扑和任意寻址方案。但是，这些平台的目标是单个提供商的数据中心，这不足以支持需要在多个信任域之间部署的（关键）应用程序，同时又要执行各种安全要求。本文通过为网络虚拟化的中心资源分配问题提出了一种新颖的解决方案，即虚拟网络嵌入，以解决这一局限性，虚拟网络嵌入旨在找到虚拟网络请求到基础网络的有效映射。我们将安全性视为虚拟网络的一流公民，从而改进了现有技术，同时利用来自多个云提供商的资源增强了基础架构。例如，加密）；在虚拟交换机上，必要时支持各种程度的保护和冗余；在基础架构上，将其扩展到包括公共和私有设施在内的多个云，并具有固有的不同信任级别。我们提出了针对此问题的最佳解决方案，称为混合整数线性程序（MILP）。我们评估的结果使您可以深入了解在将安全性需求纳入网络虚拟化过程中的权衡取舍。特别是，它们提供的证据表明，通过安全性增强用户的虚拟网络不会排除较高的接受率和对资源的有效利用，并使提供商能够增加其收入。