This work addresses the cross-slice security risks arising from virtual network function (VNF) colocation in multi-slice low Earth orbit (LEO) satellite networks by proposing a risk-aware service function chain (SFC) deployment approach. A joint optimization model is formulated to accommodate dynamic constellations while satisfying constraints on satellite capacity, inter-satellite link bandwidth, visibility, and latency, balancing colocation risk, CPU overhead, and VNF migration stability. Innovatively grounded in ISO/NIST principles, a multiplicative colocation risk model is devised, accompanied by both precise and slice-level coarse-grained risk formulations along with their analytical bounds. A three-stage hybrid solver integrates time-slot preprocessing, simulated annealing warm-starting, and branch-and-bound techniques. Experiments demonstrate that, compared to a greedy baseline, the proposed method reduces colocation risk by 40%, decreases avoidable migrations by 80%, incurs negligible CPU overhead, and achieves a solution time of 11 seconds from the second time slot onward—yielding a 23× speedup.

We address cross-slice co-location risk in multi-slice low Earth orbit (LEO) satellite edge networks, where virtual network functions (VNFs) from different network slices sharing the same satellite instance create a cross-slice security exposure channel. We formulate a risk-aware service function chain (SFC) placement problem as a mixed-integer linear program (MILP) over a dynamically evolving LEO satellite constellation, jointly optimizing cross-slice co-location risk, CPU resource consumption, and VNF migration stability under satellite capacity, inter-satellite link (ISL) capacity, visibility, and end-to-end (E2E) delay constraints. The risk model employs a multiplicative co-location formulation, inspired by the risk assessment principles from ISO/NIST frameworks, with exact and coarse (slice-level)formulations that analytically establish bounds on the co-location exposure. To solve this problem, we propose a three-stage hybrid optimizer combining time epoch preprocessing, simulated annealing-based warm-start, and branch-and-bound refinement. Experimental evaluation demonstrates a 40% reduction in co-location risk and an 80% reduction in avoidable VNF migrations relative to the greedy baseline at negligible CPU overhead, and a 23x warm-start speedup from 256s cold-start to 11s per epoch, confirming real-time viability from the second epoch.