網路虛擬化被視為未來網路中最具前景的技術之一,這項新技術允許將各個應用抽象化成不同的虛擬網路(VN),並共享同一個基礎設施供應商(InP)所提供之實體網路(SN)資源。如何有效地分配資源給每個虛擬網路為虛擬環境下的一個重要問題,此問題通常稱為虛擬網路嵌入(virtual network embedding, VNE)。 在虛擬網路嵌入的問題中,大部分的研究著重於單一基礎設施供應商的場景。在此情境之下不需要去考慮基礎設施供應商的隱私問題,因為基礎設施供應商不需將自己的實體網路拓墣公開給他人知道。取而代之的是,需要考慮服務供應商的隱私。若缺乏一個適當的保護機制,很難不讓基礎設施供應商知道有關虛擬網路的資訊。相反的,當環境中涉及多個基礎設施供應商時,服務供應商的隱私問題變得容易解決,只需要將原本完整的虛擬網路拓墣拆成多個部分並交由不同基礎設施供應商來執行。如此一來,將沒有任何一個基礎設施供應商能知道完整虛擬網路的長的樣子,也就能避免他們推論整個虛擬網路所提供的服務是什麼以及是如何被實現的。然而,我們必須考量基礎設施供應商的隱私,因為我們很難避免讓基礎設施供應商提供部分資訊給負責做虛擬網路拆分的人。 本文的主旨在於我們嘗試在不犧牲網路嵌入效率的前提下,來對負責虛擬網路的角色隱藏基礎設施供應商之拓撲訊息。我們提出一種基於K匿名的拓墣模糊化方式來保護基礎設施供應商的隱私。模擬結果顯示我們所提出的方法相較於其他已存在的方法提高了12.3%的接受率。
Network virtualization has been regarded as one of the most promising technologies in future networks. This new technology allows applications to be abstracted as customized virtual networks (VNs) and to share the resources in the same substrate network (SN) provided by infrastructure providers (InPs). How to allocate resources to each VN efficiently and effectively becomes a critical issue in the virtual environment, and this issue is usually referred to as virtual network embedding (VNE). Most of the existing researches focus on the single-domain scenario where only one InP provides the SN to serve VNs. In such a scenario, we do not need to consider InP’s privacy because there is no need for the InP to reveal its SN. Instead, we need to consider the privacy of the service provider (SP) because without a proper protection mechanism, it is difficult not to let the InP learn the information of the VN. On the contrary, when it comes to the multi-domain scenario, the SP’s privacy can be easily protected since the SP can split its VN into several parts and assign them to different InPs. By doing so, none of InPs will know how the entire VN looks like, so it is difficult for InPs to figure out what and how the service is implemented. However, the InP’s privacy becomes a critical issue because it is inevitable for InPs to reveal their SN topologies to someone who conducts the VN resource allocation. In this thesis, we try to conceal the topological information of InPs to anyone that takes charge of the VNE without sacrificing the embedding efficiency. We propose a K-anonymity based topology obfuscation solution to protect the privacy of the InPs. The simulation results show that our proposed method improves the acceptance ratio by 12.3 % compared with the existing approaches.