Monitorability Bounds via Expander, Sparsifier and Random Walks: The Interplay Between On-Demand Monitoring and Anonymity (Extendend Abstract)

摘要

Software-defined networking (SDN), network functions vir-tualization (NFV) and network virtualization (NV) build a mini-cosmos inside data centers, cloud providers, and enterprises. The network virtualization allows new on-demand management capabilities, in this work we demonstrate such a service, namely, on-demand efficient monitoring or anonymity. The proposed service is based on network virtualization of expanders or sparsifiers over the physical network. The defined virtual (or overlay) communication graphs coupled with a multi-hop extension of Valiant randomization based routing lets us monitor the entire traffic in the network, with a very few monitoring nodes. In particular, we show that using overlay network with expansion properties and Valiant randomized load balancing it is enough to place O(m) monitor nodes when the length of the overlay path (number of intermediate nodes chosen by Valiant's routing procedure) is O(n/m). We propose two randomized routing methods to implement policies for sending messages, and we show that they facilitate efficient monitoring of the entire traffic, such that the traffic is distributed uniformly in the network, and each monitor has an equiprobable view of the network flow. In terms of complex networks, our result can be interpreted as a way to enforce the same betweenness centrality to all nodes in the network. Additionally, we show that our results are useful in employing anonymity services. Thus, we propose monitoring or anonymity services, which can be deployed and shut down on-demand. Our work is the first, as far as we know, to bring such on-demand infrastructure structuring using the cloud NV capability to existing monitoring or anonymity networks. We propose methods that theoretically improve services provided by existing anonymity networks, and optimize the degree of anonymity, in addition to providing robustness and reliability to system usage and security. At last, we believe, that our constructions of overlay expanders and sparsifiers weighted network, that use several random walk trees, are of independent interest.