The research and practice of dynamic network security architecture for IaaS platform
The network security requirements based on virtual network technologies in IaaS platforms and corresponding solutions were reviewed. A dynamic network security architecture was proposed, which was built on the technologies of software defined networking, VM (virtual machine) traffic redirection, network policy unified management, software defined isolation network, vulnerability scanning and software update. The proposed architecture was able to obtain the capacities of detection and access control for VM traffic by redirecting VM traffic to configurable security appliances, and ensure the effectiveness of network policies in the total life cycle of VM by configuring the policies to the right place at the appropriate time point according to the impacts brought by VM state transitions. The virtual isolation domains for tenants' VMs could be built flexibly based on VLAN policies or Netfilter/iptables firewall appliances, and vulnerability scanning as a service and software update as a service were provided as security supports. Through cooperation with IDS appliances and automatic alarm mechanisms, the proposed architecture could mitigate a wide range of network-based attacks dynamically. The experimental results demonstrated the effectiveness of the proposed architecture.
cloud computing; network security; IaaS; life cycle; network policy
Domestic conference
Enshi, Hubei
English
1-10
2014-09-13 (date first posted online on the Wanfang platform; does not represent the paper's publication date)