Efficient Zero-Trust-enabled Service Function Chain Deployment in Multi-Vendor Networks
  • Danyang Zheng,
  • Huanlai Xing,
  • Xiaojun Cao,
  • Jie Xu
Corresponding Author: Danyang Zheng ([email protected])


With the advent of zero trust (ZT) security architectures, vendors can bolster their services' security by continuously verifying every end-to-end traffic flow through the policy enforcement point (PEP). However, the demand for dedicated hardware substantially hinders the extensive deployment of PEPs across networks. Consequently, PEP-based verification can incur overwhelming cost when accommodating network requests involving a sequence of end-to-end traffic flows, such as service function chains (SFCs). In this work, we introduce the concept of ZT as a function (ZTaaF) to minimize the verification cost in PEP-based SFC deployment. ZTaaF enhances verification flexibility and reduces verification cost by virtualizing the hardware-based PEP into a software module and enabling inter-trust among servers from the same vendor. Based on the ZTaaF paradigm, we define a novel problem called SFC deployment with ZTaaF (SFCZT). After analyzing the challenges in SFCZT, we propose an efficient algorithm based on the layered graph technique, named ZTaaF-aware SFC embedding (ZAN). Through thorough mathematical analysis, we demonstrate ZAN's optimality when the network provides sufficient resources for the incoming SFC request. Extensive simulation results validate ZAN's optimality under the above assumption and show that ZAN significantly outperforms the benchmarks.
01 Jun 2024: Submitted to TechRxiv
07 Jun 2024: Published in TechRxiv