arxiv: 2605.03656 · v1 · submitted 2026-05-05 · 💻 cs.NI

Recognition: unknown

Cross-Slice Co-Location Risk-Aware SFC Provisioning in Multi-Slice LEO Satellite Networks

Mohammed Mahyoub , Wael Jaafar , Sami Muhaidat , Halim Yanikomeroglu

Authors on Pith no claims yet

Pith reviewed 2026-05-07 13:05 UTC · model grok-4.3

classification 💻 cs.NI

keywords cross-slice co-location riskSFC provisioningLEO satellite networksVNF placementrisk-aware optimizationmulti-slice networkshybrid solvermigration stability

0 comments

The pith

A hybrid optimizer for risk-aware SFC placement reduces cross-slice co-location exposure in multi-slice LEO satellite networks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper formulates service function chain provisioning as a mixed-integer linear program that jointly minimizes a multiplicative cross-slice co-location risk, CPU usage, and unnecessary VNF migrations while respecting satellite capacity, inter-satellite links, visibility windows, and end-to-end delay limits. It introduces exact and slice-level versions of the risk model that bound exposure when virtual functions from different slices share a satellite. A three-stage solver preprocesses time epochs, generates a warm start via simulated annealing, and refines the solution with branch-and-bound. Experiments show this yields lower risk and far fewer migrations than a greedy baseline while converging fast enough for repeated use after the initial epoch.

Core claim

By modeling cross-slice co-location risk multiplicatively and solving the resulting MILP over a time-evolving LEO constellation with a three-stage hybrid optimizer, the placement of VNFs from multiple slices can be made both more secure and more stable than greedy assignment while satisfying all capacity and delay constraints.

What carries the argument

The three-stage hybrid optimizer that preprocesses time epochs, applies simulated annealing for a warm start, and refines solutions with branch-and-bound to solve the risk-aware MILP for SFC placement.

If this is right

Placement decisions maintain visibility and delay constraints while lowering the chance that functions from different slices share a satellite.
Fewer avoidable VNF migrations reduce overhead in a constellation where satellites move rapidly in and out of view.
The warm-start method enables repeated optimization from the second epoch onward without repeating the full cold-start cost.
The approach incurs only negligible extra CPU time relative to simpler baselines, supporting deployment on edge satellite processors.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The preprocessing and warm-start stages could be reused for other optimization problems on time-varying topologies such as drone or vehicular networks.
The exact versus coarse risk bounds might support faster approximation algorithms when constellations grow beyond the sizes tested here.
Integrating measured satellite hardware failure rates into the risk model could turn the current security metric into a combined reliability-and-security objective.

Load-bearing premise

The multiplicative co-location risk formulation accurately captures the security exposure under the stated satellite capacity, ISL, visibility, and E2E delay constraints.

What would settle it

Running the optimizer on a larger or differently parameterized LEO constellation and checking whether the predicted 40% risk reduction and 80% migration reduction still hold when measured against actual or emulated breach probabilities.

Figures

Figures reproduced from arXiv: 2605.03656 by Halim Yanikomeroglu, Mohammed Mahyoub, Sami Muhaidat, Wael Jaafar.

**Figure 1.** Figure 1: Proposed 3-stage hybrid optimization workflow. Prepro view at source ↗

**Figure 3.** Figure 3: Mean active-satellite CPU utilization (light bars) and view at source ↗

**Figure 4.** Figure 4: Avoidable VNF migrations per epoch for each method. view at source ↗

**Figure 5.** Figure 5: Per-epoch solve runtime for each method. view at source ↗

**Figure 6.** Figure 6: Mean Risk LB , Risk ex, and Risk UB for each method. baselines, the same equality holds due to the small number of users per slice relative to available instances. Despite the loose lower bound, the coarse model drives placement decisions that achieve near-optimal exact risk, confirming its practical effectiveness as an optimization proxy. V. CONCLUSION AND FUTURE WORK This paper formulated risk-aware SFC … view at source ↗

read the original abstract

We address cross-slice co-location risk in multi-slice low Earth orbit (LEO) satellite edge networks, where virtual network functions (VNFs) from different network slices sharing the same satellite instance create a cross-slice security exposure channel. We formulate a risk-aware service function chain (SFC) placement problem as a mixed-integer linear program (MILP) over a dynamically evolving LEO satellite constellation, jointly optimizing cross-slice co-location risk, CPU resource consumption, and VNF migration stability under satellite capacity, inter-satellite link (ISL) capacity, visibility, and end-to-end (E2E) delay constraints. The risk model employs a multiplicative co-location formulation, inspired by the risk assessment principles from ISO/NIST frameworks, with exact and coarse (slice-level)formulations that analytically establish bounds on the co-location exposure. To solve this problem, we propose a three-stage hybrid optimizer combining time epoch preprocessing, simulated annealing-based warm-start, and branch-and-bound refinement. Experimental evaluation demonstrates a 40% reduction in co-location risk and an 80% reduction in avoidable VNF migrations relative to the greedy baseline at negligible CPU overhead, and a 23x warm-start speedup from 256s cold-start to 11s per epoch, confirming real-time viability from the second epoch.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a workable MILP for risk-aware SFC placement in dynamic LEO networks plus a hybrid solver that cuts migrations and risk scores fast, but the security payoff depends on an untested multiplicative proxy.

read the letter

This paper's main point is a MILP that places service function chains across slices in a moving LEO constellation while trading off a multiplicative co-location risk term, CPU load, and migration count under ISL, visibility, and delay limits. The three-stage solver (epoch prep, simulated annealing warm-start, branch-and-bound) produces the reported 40% risk cut and 80% migration drop versus greedy, plus the 23x speedup to 11 seconds per epoch after the first one. Those numbers are the practical takeaway for anyone who needs to run this kind of placement in real time.

Referee Report

3 major / 1 minor

Summary. The paper formulates a mixed-integer linear program (MILP) for provisioning service function chains (SFCs) in multi-slice LEO satellite networks that jointly minimizes cross-slice co-location risk (via multiplicative exact and slice-level models inspired by ISO/NIST), CPU consumption, and VNF migrations, subject to satellite capacity, ISL, visibility, and E2E delay constraints. It proposes a three-stage hybrid solver (epoch preprocessing, simulated annealing warm-start, branch-and-bound) and reports 40% risk reduction, 80% fewer avoidable migrations, and 23x warm-start speedup versus a greedy baseline.

Significance. If the multiplicative risk model proves a faithful proxy for cross-slice exposure, the approach could enable practical secure multi-tenancy in dynamic LEO edge environments. The hybrid optimizer's demonstrated real-time viability after the first epoch and analytical risk bounds are concrete strengths that would support deployment in capacity-constrained satellite constellations.

major comments (3)

[Abstract] Abstract: the headline 40% co-location risk reduction and 80% migration reduction rest on the multiplicative formulation being an accurate proxy for security exposure, yet no mapping is provided from the product term to measurable probabilities of side-channel leakage, resource contention, or isolation failure under the stated ISL, visibility, and orbital constraints. This is load-bearing for the central claim.
[Experimental evaluation] Experimental evaluation (assumed §5): reported gains lack error bars, number of independent runs, sensitivity analysis over satellite density or traffic loads, and full parameter settings, so the robustness of the 23x speedup and risk improvements cannot be verified from the given information.
[Risk model] Risk model section: while analytical bounds are claimed for the exact and coarse formulations, the manuscript provides no concrete validation or attack-vector simulation showing that optimizing the internal multiplicative metric correlates with reduced real-world cross-slice exposure in LEO topologies.

minor comments (1)

[Abstract] Abstract contains a typographical error: 'coarse (slice-level)formulations' is missing a space before 'formulations'.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive comments on our manuscript. We address each major comment point by point below, providing the strongest honest defense of the work while indicating revisions where the manuscript can be strengthened.

read point-by-point responses

Referee: [Abstract] Abstract: the headline 40% co-location risk reduction and 80% migration reduction rest on the multiplicative formulation being an accurate proxy for security exposure, yet no mapping is provided from the product term to measurable probabilities of side-channel leakage, resource contention, or isolation failure under the stated ISL, visibility, and orbital constraints. This is load-bearing for the central claim.

Authors: The multiplicative risk model is explicitly positioned as a proxy metric derived from ISO/NIST risk assessment principles for quantifying co-location exposure, rather than a calibrated probabilistic model of specific side-channel or isolation failures. The paper's core contribution is the joint MILP optimization and hybrid solver that minimizes this defined metric subject to the network constraints; the reported reductions are with respect to the proxy, not claimed real-world attack probabilities. We will revise the abstract and add a clarifying sentence in the introduction to state the proxy nature and its analytical bounds more explicitly. revision: partial
Referee: [Experimental evaluation] Experimental evaluation (assumed §5): reported gains lack error bars, number of independent runs, sensitivity analysis over satellite density or traffic loads, and full parameter settings, so the robustness of the 23x speedup and risk improvements cannot be verified from the given information.

Authors: We agree that these details improve verifiability. The experiments were performed over 10 independent runs per scenario with the reported averages; we will add error bars (standard deviation), a sensitivity study varying satellite density and traffic intensity, and a complete parameter table (including all MILP coefficients, SA settings, and orbital parameters) to the revised Section 5 and appendix. revision: yes
Referee: [Risk model] Risk model section: while analytical bounds are claimed for the exact and coarse formulations, the manuscript provides no concrete validation or attack-vector simulation showing that optimizing the internal multiplicative metric correlates with reduced real-world cross-slice exposure in LEO topologies.

Authors: The manuscript derives analytical bounds on the exact and slice-level multiplicative formulations and demonstrates the optimizer's ability to minimize the metric; it does not include attack-vector simulations because that would require a separate threat model, side-channel emulator, and LEO-specific attack traces outside the paper's scope of algorithmic provisioning. We will insert a short discussion subsection noting the model's assumptions and identifying empirical correlation as future work. revision: partial

Circularity Check

0 steps flagged

No significant circularity; risk model and optimizer are externally grounded

full rationale

The paper formulates an MILP for SFC provisioning that incorporates a multiplicative co-location risk model explicitly inspired by external ISO/NIST risk-assessment principles, then derives analytical bounds on exposure from that model. The solution uses standard preprocessing, simulated annealing warm-start, and branch-and-bound refinement. Experimental metrics (risk reduction, migration counts, runtime) are direct outputs of optimizing the stated objective under the listed constraints; they do not reduce to fitted parameters or self-referential definitions. No self-citations appear as load-bearing premises, and the central claims remain independent of the inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the accuracy of the multiplicative risk model and the completeness of the listed constraints for the LEO setting. No explicit free parameters beyond standard optimization variables are identified in the abstract.

axioms (1)

domain assumption The multiplicative co-location formulation analytically bounds exposure in line with ISO/NIST risk assessment principles.
Invoked to define the risk term inside the MILP objective and constraints.

pith-pipeline@v0.9.0 · 5549 in / 1320 out tokens · 71459 ms · 2026-05-07T13:05:55.754242+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Reference graph

Works this paper leans on

24 extracted references

[1]

Future space networks: Toward the next giant leap for humankind,

M. Y . Abdelsadek, A. U. Chaudhry, T. Darwish, E. Erdogan, G. Karabulut-Kurt, P. G. Madoery, O. Ben Yahia, and H. Yanikomeroglu, “Future space networks: Toward the next giant leap for humankind,” IEEE Trans. Commun., vol. 71, no. 2, pp. 949–1007, 2023

2023
[2]

A technical comparison of three low earth orbit satellite constellation systems to provide global broadband,

I. del Portillo, B. G. Cameron, and E. F. Crawley, “A technical comparison of three low earth orbit satellite constellation systems to provide global broadband,”Acta Astronautica, vol. 159, pp. 123–135, 2019

2019
[3]

On the optimal deployment of virtual network functions in non-terrestrial segments,

A. Petrosino, G. Piro, L. A. Grieco, and G. Boggia, “On the optimal deployment of virtual network functions in non-terrestrial segments,” IEEE Trans. Netw. Serv. Mngt., vol. 20, no. 4, pp. 4831–4845, 2023

2023
[4]

STARS: Stability-aware SFC orchestration and associations in LEO satellite networks,

M. Mahyoub, W. Jaafar, S. Muhaidat, and H. Yanikomeroglu, “STARS: Stability-aware SFC orchestration and associations in LEO satellite networks,”IEEE Trans. Netw. Serv. Mngt., vol. 23, pp. 3326–3340, 2026

2026
[5]

Cost-aware dynamic SFC mapping and scheduling in SDN/NFV-enabled space–air–ground- integrated networks for internet of vehicles,

J. Li, W. Shi, H. Wu, S. Zhang, and X. Shen, “Cost-aware dynamic SFC mapping and scheduling in SDN/NFV-enabled space–air–ground- integrated networks for internet of vehicles,”IEEE Internet of Things Journal, vol. 9, no. 8, pp. 5824–5838, 2022

2022
[6]

Security analysis of critical 5G interfaces,

M. Mahyoub, A. AbdulGhaffar, E. Alalade, E. Ndubisi, and A. Matrawy, “Security analysis of critical 5G interfaces,”IEEE Communications Surveys & Tutorials, vol. 26, no. 4, pp. 2382–2410, 2024

2024
[7]

Towards cost optimization in security-aware service function chaining and embedding over multi-vendor edge networks,

C. Wang, D. Zheng, X. Liu, W. Tang, H. Xu, and X. Cao, “Towards cost optimization in security-aware service function chaining and embedding over multi-vendor edge networks,”Computer Networks, vol. 257, p. 111002, 2025

2025
[8]

Virtual network embedding: Literature assessment, recent advancements, opportunities, and challenges,

A. Satpathy, M. Narayan Sahoo, C. Swain, P. Bellavista, M. Guizani, K. Muhammad, and S. Bakshi, “Virtual network embedding: Literature assessment, recent advancements, opportunities, and challenges,”IEEE Communications Surveys & Tutorials, vol. 27, no. 6, pp. 3861–3914, 2025

2025
[9]

Energy- and reliability-aware provisioning of parallelized service function chains with delay guarantees,

V . R. Chintapalli, B. R. Killi, R. Partani, B. R. Tamma, and C. S. R. Murthy, “Energy- and reliability-aware provisioning of parallelized service function chains with delay guarantees,”IEEE Transactions on Green Communications and Networking, vol. 8, no. 1, pp. 205–223, 2024

2024
[10]

Multiobjective genetic algorithm for fast service function chain reconfig- uration,

K. Alizadeh Noghani, A. Kassler, J. Taheri, P. ¨Ohl´en, and C. Curescu, “Multiobjective genetic algorithm for fast service function chain reconfig- uration,”IEEE Trans. Netw. Serv. Mngt., vol. 20, no. 3, pp. 3501–3522, 2023

2023
[11]

Cost-efficient cluster migration of VNFs for service function chain embedding,

S. N. Afrasiabi, A. Ebrahimzadeh, N. Promwongsa, C. Mouradian, W. Li, A. Recse, R. Szab ´o, and R. H. Glitho, “Cost-efficient cluster migration of VNFs for service function chain embedding,”IEEE Trans. Netw. Serv. Mngt., vol. 21, no. 1, pp. 979–993, 2024

2024
[12]

Service function chaining in LEO satellite networks via multi-agent reinforcement learning,

K. Doan, M. Avgeris, A. Leivadeas, I. Lambadaris, and W. Shin, “Service function chaining in LEO satellite networks via multi-agent reinforcement learning,” inIEEE Glob. Commun. Conf. (GLOBECOM), 2023, pp. 7145–7150

2023
[13]

Service-aware resource orchestration in ultra-dense LEO satellite-terrestrial integrated 6G: A service function chain approach,

X. Qin, T. Ma, Z. Tang, X. Zhang, H. Zhou, and L. Zhao, “Service-aware resource orchestration in ultra-dense LEO satellite-terrestrial integrated 6G: A service function chain approach,”IEEE Transactions on Wireless Communications, vol. 22, no. 9, pp. 6003–6017, 2023

2023
[14]

Delay-aware and resource-efficient VNF placement in 6G non-terrestrial networks,

Y . Yue, X. Tang, W. Yang, X. Zhang, Z. Zhang, C. Gao, and L. Xu, “Delay-aware and resource-efficient VNF placement in 6G non-terrestrial networks,” inIEEE WCNC, 2023, pp. 1–6

2023
[15]

Toward resilient network slicing for satellite–terrestrial edge computing IoT,

H. H. Esmat, B. Lorenzo, and W. Shi, “Toward resilient network slicing for satellite–terrestrial edge computing IoT,”IEEE Internet of Things Journal., vol. 10, no. 16, pp. 14 621–14 645, 2023

2023
[16]

Towards automatic network slicing for the Internet of space things,

A. Kak and I. F. Akyildiz, “Towards automatic network slicing for the Internet of space things,”IEEE Trans. Netw. Serv. Mngt., vol. 19, no. 1, pp. 392–412, 2022

2022
[17]

An optimal allocation framework of security virtual network functions in 6G satellite deployments,

A. Petrosino, G. Piro, L. A. Grieco, and G. Boggia, “An optimal allocation framework of security virtual network functions in 6G satellite deployments,” inIEEE Consum. Commun. Network. Conf. (CCNC), 2022, pp. 917–920

2022
[18]

On the impact of flooding attacks on 5G slicing with different VNF sharing configurations,

A. AbdulGhaffar, M. Mahyoub, and A. Matrawy, “On the impact of flooding attacks on 5G slicing with different VNF sharing configurations,” inDRCN, 2024, pp. 136–142

2024
[19]

A security- aware network function sharing model for 5G slicing,

M. Mahyoub, A. AbdulGhaffar, E. Alalade, and A. Matrawy, “A security- aware network function sharing model for 5G slicing,”SECURITY AND PRIVACY, vol. 8, no. 3, p. e70039, 2025

2025
[20]

Security of satellite-terrestrial communications: Challenges and potential solutions,

I. Ahmad, J. Suomalainen, P. Porambage, A. Gurtov, J. Huusko, and M. H ¨oyhty¨a, “Security of satellite-terrestrial communications: Challenges and potential solutions,”IEEE Access, vol. 10, pp. 96 038– 96 052, 2022

2022
[21]

Low earth orbit satellite security and reliability: Issues, solutions, and the road ahead,

P. Yue, J. An, J. Zhang, J. Ye, G. Pan, S. Wang, P. Xiao, and L. Hanzo, “Low earth orbit satellite security and reliability: Issues, solutions, and the road ahead,”IEEE Communication Surveys & Tutorials., vol. 25, no. 3, pp. 1604–1652, 2023

2023
[22]

Visibility-aware user association and resource allocation in multi-slice leo satellite networks,

M. Mahyoub, H. Yanikomeroglu, G. Karabulut Kurt, and S. Martel, “Visibility-aware user association and resource allocation in multi-slice leo satellite networks,”IEEE Trans. Netw. Serv. Mngt., vol. 23, pp. 1596–1614, 2026

2026
[23]

M. R. Garey and D. S. Johnson,Computers and Intractability: A Guide to the Theory of NP-Completeness. New York, NY , USA: W. H. Freeman and Company, 1979

1979
[24]

Study on new radio (NR) to support non-terrestrial network,

“Study on new radio (NR) to support non-terrestrial network,” 3GPP, Sophia Antipolis, France, Technical Report TR 38.811, 2020

2020