Traffic isolation techniques in securing multi-tenant virtual environments
Abstract
A fundamental function of almost any network is to ensure that certain types of traffic are kept isolated from other traffic in the network. With multi-tenant environments such as datacentres and the cloud providing isolation between traffic, and in particular, tenant traffic is even more crucial than ever before. Incorporating isolation also helps provide an additional level of security to traffic in the network. But with the rapid change of network architectures over the past decade from physical to virtual environments, providing isolation is not so straightforward.
With the creation of virtualization and virtual networks an investigation into whether isolation can be incorporated into virtual environments as effectively as they can be into physical environments provides the basis for this research. The purpose of this paper is to present a comprehensive investigation into incorporating different isolation techniques into various types of virtual environments. This work will explore and evaluate these isolation techniques and describe how effective each of the isolation techniques incorporated are when integrated into multi-tenant virtual networking environments. In an attempt to determine the effectiveness of each of the isolation methods three experiments were carried out which incorporates three different isolation techniques into different virtual environments to determine the effectiveness of each method.
The results demonstrates that isolation techniques can be incorporated into virtual environments just as effectively as they can be into traditional networks. However, as virtualization is still a relatively new paradigm the results do raise the question as to whether enough is known about the different types of virtual environments such as SDN’s and the attack vectors associated with these environments. Due to these reservations it is evident that further investigation and exploration is required.
Collections
The following license files are associated with this item: