面向服务的数据中心安全框架

胡腾; 李观文; 周华春

doi:10.11959/j.issn.1000-0801.2018031

您当前的位置：

首页 >

文章列表页 >

面向服务的数据中心安全框架

研究与开发 | 更新时间：2024-06-05

- 面向服务的数据中心安全框架
- Service-oriented security framework for datacenter networks
- 电信科学 2018年34卷第1期页码：8-16
- 作者机构：
  
  1. 中国工程物理研究院计算机应用研究所，四川绵阳621900
  2. 北京交通大学电子信息工程学院，北京 100044
- 作者简介：
  
  [ "胡腾（1988−），男，中国工程物理研究院计算机应用研究所工程师，主要研究方向为计算机技术与信息安全。" ]
  [ "李观文（1992−），男，北京交通大学电子信息工程学院博士生，主要研究方向为软件定义网络与网络安全。" ]
  [ "周华春（1965−），男，博士，北京交通大学电子信息工程学院教授、博士生导师，主要研究方向为移动互联网、网络安全与卫星网络。" ]
- 基金信息：
  
  NSAF联合基金资助项目;NSAF(U1530118);国家自然科学基金资助项目;The National Natural Science Foundation of China(61271202);国防基础科研基金资助项目;National Defense Basic Scientific Research Program of China(JCKY2016212C005)
- DOI：10.11959/j.issn.1000-0801.2018031
  中图分类号： TP393
- 网络出版日期：2018-01，
  
  纸质出版日期：2018-01-20
- 稿件说明：
移动端阅览
胡腾, 李观文, 周华春. 面向服务的数据中心安全框架[J]. 电信科学, 2018,34(1):8-16.

Teng HU, Guanwen LI, Huachun ZHOU. Service-oriented security framework for datacenter networks[J]. Telecommunications science, 2018, 34(1): 8-16.
胡腾, 李观文, 周华春. 面向服务的数据中心安全框架[J]. 电信科学, 2018,34(1):8-16. DOI： 10.11959/j.issn.1000-0801.2018031.

Teng HU, Guanwen LI, Huachun ZHOU. Service-oriented security framework for datacenter networks[J]. Telecommunications science, 2018, 34(1): 8-16. DOI： 10.11959/j.issn.1000-0801.2018031.

摘要

随着数据中心网络在云计算领域的大规模商用，数据网络的安全问题愈发受到重视。然而，由于传统数据中心安全设备部署方式静态僵化，难以满足动态多变的网络安全态势，无法应对新的安全威胁。因此，提出一种面向服务的数据中心安全框架。基于虚拟化技术和软件定义网络，将虚拟化的安全功能灵活组合，并实现安全策略动态更新的过程。通过原型系统测试验证了所提安全框架的可行性和有效性，为数据中心网络的灵活性和安全性提升提供了一种解决方案。

Abstract

With the large-scale deployment of datacenters in cloud computing

there is an increasing attention to their security issues.However

with the ossify deployment of traditional security devices

it is hard to meet the requirements of dynamical network security situation and copy with new kinds of security threats.Therefore

a service-oriented security framework for datacenter networks was proposed

which was able to compose the virtualized security functions flexibly and update the security policies dynamically based on virtualization technology and software-defined networking.With the implementation of prototype

the feasibility and availability of the proposed security framework was proved

and a solution to promote the flexibility and security of datacenter networks was provided.

关键词

Keywords

references

Cisco . Cisco Data Center Security Study [R ] . 2017 .

韦乐平 . SDN的战略性思考 [J ] . 电信科学 , 2015 , 31 ( 1 ): 7 - 12 .

WEI L P . Strategic thinking on SDN [J ] . Telecommunications Science , 2015 , 31 ( 1 ): 7 - 12 .

王歆平 , 王茜 , 刘恩慧 , 等 . 基于 SDN 的按需智能路由系统研究与验证 [J ] . 电信科学 , 2014 , 30 ( 4 ): 8 - 14 .

WANG X P , WANG Q , LIU E H , et al . Research and verification on SDN-based on-demand smart routing system [J ] . Telecommunications Science , 2014 , 30 ( 4 ): 8 - 14 .

李丹 , 刘方明 , 郭得科 , 等 . 软件定义的云数据中心网络基础理论与关键技术 [J ] . 电信科学 , 2014 , 30 ( 6 ): 48 - 59 .

LI D , LIU F M , GUO D K , et al . Fundamental theory and key technology of software defined cloud data center network [J ] . Telecommunications Science , 2014 , 30 ( 6 ): 48 - 59 .

HAN B , GOPALAKRISHNAN V , JI L , et al . Network function virtualization:challenges and opportunities for innovations [J ] . IEEE Communications Magazine , 2015 , 53 ( 2 ): 90 - 97 .

NICK M , TOM A , HARI B , et al . OpenFlow:enabling innovation in campus networks [J ] . ACM SIGCOMM Computer Communication Review , 2008 , 38 ( 2 ): 69 - 74 .

CHUNG C J , XING T , HUANG D , et al . SeReNe:on establishing secure and resilient networking services for an SDN-based multi-tenant datacenter environment [C ] // IEEE International Conference on Dependable Systems and Networks Workshops,June 22-25,2015,Rio de Janeiro,Brazil . Piscataway:IEEE Press , 2015 .

AMMAR M , RIZK M , ABDEL-HAMID A , et al . A framework for security enhancement in SDN-based datacenters [C ] // 2016 8th IFIP International Conference on New Technologies,Mobility and Security,November 21-23,2016,Larnaca,Cyprus . Piscataway:IEEE Press , 2016 .

JOEL H , CARLOS P Service function chaining,RFC Editor,October 2015 [R/OL ] .(2015-10-01)[2017-11-14 ] . https://www.rfc-editor.org/rfc/rfc7665.txt https://www.rfc-editor.org/rfc/rfc7665.txt .

KUMAR S , TUFAIL M , MAJEE S , et al . Service function chaining use cases in data centers.Internet-Draft draft-ietf- sfcdc-use-cases-06 [RB/OL ] .(2017-01-01)[2017-11-14 ] . http://www.ietf.org/internet-drafts/draft-ietf-sfc-dc-use-cases-06.txt http://www.ietf.org/internet-drafts/draft-ietf-sfc-dc-use-cases-06.txt .

LEIVADEAS A , FALKNER M , LAMBADARIS I , et al . Resource management and orchestration for a dynamic service chain steering model [C ] // IEEE Global Communications Conference,December 4-8,2016,Washington,DC,USA . Piscataway:IEEE Press , 2016 .

WANG X , LIU Z , LI J , et al . Tualatin:towards network security service provision in cloud datacenters [C ] // 2014 3rd International Conference on Computer Communication and Networks,August 4-7,2014,Shanghai,China . Piscataway:IEEE Press , 2016 .

KUMAR D , TUFAIL E , MAJEE L , et al . Framework for interface to network security functions.Internet-Draft draftietf-i2nsf-framework-08,IETF Secretariat,October 2017 [R/OL ] .(2017-10-10)[2017-11-10 ] . https://www.ietf.org /archive/id/draftietf-i2nsf-framework-08.txt https://www.ietf.org /archive/id/draftietf-i2nsf-framework-08.txt .

OpenDaylight SFC project [EB/OL ] .(2016-10-21)[2017-11-10 ] . https://github.com/opendaylight/sfc https://github.com/opendaylight/sfc .

Docker [EB/OL ] .(2017-01-01)[2017-11-10 ] . https://www.docker.com https://www.docker.com .

Open vSwitch [EB/OL ] .(2016-01-01)[2017-11-10 ] . http://openvswitch.org http://openvswitch.org .

Redis [EB/OL ] .(2017-01-01)[2017-11-10 ] . https://redis.io https://redis.io .

Openstack [EB/OL ] .(2017-01-01)[2017-11-10 ] . https://www.openstack.org https://www.openstack.org .

Iptables [EB/OL ] .(2014-01-01)[2017-11-10 ] . http://www.netfilter.org/projects/iptables/index.html http://www.netfilter.org/projects/iptables/index.html .

Snort [EB/OL ] .(2017-01-01)[2017-11-10 ] . https://www.snort.org https://www.snort.org .

PAUL Q , URI E , CARLOS P , et al . Network service header (NSH):Internet-Draft draft-ietf-sfc-nsh-28 [EB/OL ] .(2017-11-03)[2017-11-10 ] . http://www.ietf.org/internet-drafts/draft-ietf-sfcnsh-28.txt http://www.ietf.org/internet-drafts/draft-ietf-sfcnsh-28.txt .

Conf D [EB/OL ] .(2017-01-01)[2017-11-10 ] . http://developer.cisco.com/site/confd http://developer.cisco.com/site/confd .

浏览量

1057

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据