抗侧信道攻击的服务功能链部署方法

侧信道攻击是当前云计算环境下多租户间信息泄露的主要途径，针对现有服务功能链(SFC)部署方法未充分考虑多租户环境下虚拟网络功能(VNF)面临的侧信道攻击问题，该文提出一种抗侧信道攻击的服务功能链部署方法。引入基于时间均值的租户分类策略以及结合历史信息的部署策略，在满足服务功能链资源约束条件下，以最小化租户所能覆盖的服务器数量为目标建立相应的优化模型，并设计了基于贪婪选择的部署算法。实验结果表明，与其他部署方法相比，该方法显著提高了恶意租户实现共存的难度与代价，降低了租户面临的侧信道攻击风险。

A Service Function Chain Deployment Method Against Side Channel Attack

Side channel attack is the primary way to leak information between tenants in current cloud computing environment. However, existing Service Function Chain (SFC) deployment methods do not fully consider the side channel attack problem faced by the Virtual Network Function (VNF) in the multi-tenant environment. A SFC deployment method is proposed against side channel attack. A tenant classification strategy based on average time and a deployment strategy considering historical information are introduced. Under the resource constraints of the SFC, the optimization model is established with the goal of minimizing the number of servers that the tenant can cover. And a deployment algorithm is designed based on the greedy choice. The experimental results show that, compared with other deployment methods, this method can significantly improve the difficulty and cost of malicious tenant to realize co-residence, and reduces the risk of side channel attack faced by tenants.