Abstract

Network reliability has become an important concern to network administrators and service providers, and is prominently considered in network design. Particularly, 0-day vulnerabilities are an increasing threat to software-based networking systems. When shared between node appliances, they can be exploited simultaneously and compromise large portions of the network. Moreover, it has been observed that the number of 0-day vulnerabilities discovered yearly in node appliances tends to increase over time. Thus, we can expect that the reliability to 0-day exploits of a network implemented with these appliances will also worsen over time. In this work, we treat network reliability to 0-day exploits as a service, where the network provider agrees to deliver a reliability-based level of service over time. We propose a network reliability metric based on network connectivity and discovered appliance vulnerabilities. We formulate a strategy to guarantee a reliability value over time, based on heterogeneous networking and periodically running cost-effective partial node migrations. We use numerical evaluations to test our methodology on two software-defined wide-area networks based on known backbone IP topologies. Our significant findings are the following: First, when the network reliability becomes worse than the service guarantee, it can be restored in most cases by combining appliance reallocation and node migration. Second, our evaluations show a direct relationship between a network reliability value and the cost incurred to guarantee it. Third, we noted that, when using our appliance-to-node allocation strategy to guarantee the same reliability on different networks, their post-failure connectivity depends on the underlying network topology.