Sharing security virtual network functions across tenant slices on LEO satellites forces a trade-off between resource efficiency and security isolation that conventional MILP solvers can't handle past a handful of slices.
Why Shared VNFs on LEO Satellites Create a Moving Attack Surface
Onboard compute and networking on LEO satellites are severely constrained. No tenant gets dedicated VNFs; slices must share instances on the same satellite. That sharing opens cross-slice side-channel risks. The attack surface doesn't stay put — visibility, orbital motion, and inter-satellite topology change every epoch, making VNF migration a structural necessity. Resource efficiency, service continuity, and security isolation become a single coupled problem.
The authors model this as a multi-slice mixed-integer linear programming (MILP) problem. Its core is a co-location risk model grounded in ISO/NIST principles with analytic bounds. They separate migrations that are avoidable from those forced by orbital dynamics. The catch: the joint program scales quadratically with cross-slice co-location terms.
An ADMM-Inspired Decomposition That Actually Scales
To escape the quadratic wall, the team develops two ADMM-style decompositions: S-ADMM (sequential) and P-ADMM (parallel with collision repair). Both recast the coupling as a linear per-slice penalty, yielding independent subproblems. No more monolithic MILP that blows up.
Simulation Results That Back the Math
Testing over a Walker-Delta satellite constellation, the framework eliminates co-location risk entirely, reduces SFC migrations, and sustains full delay compliance. All while staying feasible within the per-epoch compute budget for slice counts where the security-aware MILP is intractable.
For satellite operators managing dozens of tenants per orbital shell, this decomposition turns an intractable configuration problem into a schedulable one.
Source: Scalable Security and Migration-Aware SFC Provisioning in LEO Satellite Networks
Domain: arxiv.org
Comments load interactively on the live page.