Dr. Prieto-Hernandez, Yasmany
Publication name
Dr. Prieto-Hernandez, Yasmany
Full name
Prieto Hernandez, Yasmany
Faculty
Email
yprieto@ucsc.cl
ORCID
Research Outputs
- Publication: Guaranteeing network reliability to 0-day exploits using Cost-Effective heterogeneous node migration
  Network reliability has become an important concern to network administrators and service providers, and is prominently considered in network design. Particularly, 0-day vulnerabilities are an increasing threat to software-based networking systems. When shared between node appliances, they can be exploited simultaneously and compromise large portions of the network. Moreover, it has been observed that the number of 0-day vulnerabilities discovered yearly in node appliances tends to increase over time. Thus, we can expect that the reliability to 0-day exploits of a network implemented with these appliances will also worsen over time. In this work, we treat network reliability to 0-day exploits as a service, where the network provider agrees to deliver a reliability-based level of service over time. We propose a network reliability metric based on network connectivity and discovered appliance vulnerabilities. We formulate a strategy to guarantee a reliability value over time, based on heterogeneous networking and periodically running cost-effective partial node migrations. We use numerical evaluations to test our methodology on two software-defined wide-area networks based on known backbone IP topologies. Our significant findings are the following: First, when the network reliability becomes worse than the service guarantee, it can be restored in most cases by combining appliance reallocation and node migration. Second, our evaluations show a direct relationship between a network reliability value and the cost incurred to guarantee it. Third, we noted that, when using our appliance-to-node allocation strategy to guarantee the same reliability on different networks, their post-failure connectivity depends on the underlying network topology.