面向云网融合SaaS安全的虚拟网络功能映射方法

在云网融合背景下，承载软件即服务（SaaS）业务功能的云基础设施可能横跨多个数据中心和归属网络，难以保证云资源安全可控。为缩短SaaS业务服务的处理时延，设计基于冗余执行和交叉检验的SaaS组合服务模式，并对容器、Hypervisor和云基础设施的安全威胁进行建模，建立拟态化虚拟网络功能映射模型和安全性优化机制。在此基础上，提出基于近端策略优化的PJM算法。实验结果表明，与CCMF、JEGA和QVNE算法相比，PJM算法在满足安全性约束的条件下，能够降低约12.2%业务端到端时延。

SaaS Security Oriented Virtual Network Function Embedding Method Under Cloud-Network Integration

In the context of cloud-network integration, the cloud infrastructure carrying Software as a Service(SaaS) business functions may span multiple data centers and home networks, which adds difficulty to the security and controllability of cloud resources.In order to reduce the processing delay of SaaS business services, the SaaS composite service mode is designed based on redundant execution and cross inspection.The security threats of container, Hypervisor and cloud infrastructure are modeled, and the Mimetic Virtural Network Function Embedding(MVNE) model and the security optimization mechanism are established.On this basis, the PJM algorithm based on proximal strategy optimization is proposed.The experimental results show that, compared with CCMF, JEGA and QVNE algorithms, the PJM algorithm can reduce the end-to-end delay of services by about 12.2% under the security constraints.