期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于VXLAN的虚拟网络访问控制方法 被引量:16

A Virtual Network Access Control Method Based on VXLAN
下载PDF
导出
摘要 在云计算环境下,由于安全域的物理边界模糊、同一租户的虚拟化资源跨数据中心等现象,使得传统网络访问控制方法无法满足虚拟网络的实际需求。为此,提出面向云计算虚拟网络的访问控制方法,通过基于虚拟可扩展局域网协议的虚拟网络流量隔离技术,采用虚拟映射和IP组播相结合的方法,为跨数据中心的虚拟机通信提供隧道访问机制,使得不同安全域之间的虚拟流量相互隔离。实验结果证明,虚拟通道终端与虚拟网关相结合,可以对虚拟网络访问进行有效控制和隔离,同时具备较好的协议解析有效性和较高的运行效率。 In the cloud environment,since the physical boundary of security domain blurs,and multi-tenants across the Internet share the same hardware resource pool,traditional network access control method no longer can satisfy the need of virtual network.By researching cloud-oriented virtual network access control method.It uses virtual network traffic isolation technology,IP multicast management and virtual mapping method based on Virtual eXtensible Local Area Network (VXLAN) protocol.It provides tunnel access technology to achieve cross-data center virtual machine communication,and it can isolate virtual flows within each different security domain.Experimental results prove that the using of VXLAN Tunnel End Point (VTEP) combined with the virtual gateway can access the virtual network for effective control and isolation,along with the strong analytical protocol effectiveness and operating efficiency.
作者 卢志刚 姜政伟 刘宝旭
机构地区 中国科学院高能物理研究所计算中心
出处 《计算机工程》 CAS CSCD 2014年第8期86-90,95,共6页 Computer Engineering
基金 国家科技支撑计划基金资助项目(2012BAH14B02) 国家发改委信息安全专项基金资助项目(发改办高技[2012]1424号)
关键词 云计算 虚拟化 网络访问控制 IP组播管理 虚拟可扩展局域网 cloud computing virtualization network access control IP multicast management Virtual eXtensible Local Area Network (VXLAN)
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献12

  • 1冯登国,张敏,张妍,徐震.云计算安全研究[J].软件学报,2011,22(1):71-83. 被引量:1067
  • 2Vastbinder J.Proposed Security Assessment & Authorization for U.S.[EB/OL].(2010-11-25).http://www.infoq.com/news/2010/11/us-govt-cloudcomputing.
  • 3Kreeger L,Dutt D,Narten T,et al.Network Virtualization Overlay Control Protocol Requirements[J].Internet Draft,2012,13 (1):17-21.
  • 4IEEE.P802.1Qbg/D2.2 Draft Standard for Local and Metro-politan Area Networks--Virtual Bridged Local Area Net-works--Amendment XX:Edge Virtual Bridging[EB/OL].(2012-06-05).http://www.ieee802.org/1/pages/802.lbg.html.
  • 5DMTF.Virtual Networking Management White Paper[Z].2012.
  • 6Satyanarayanan M,Gilbert B.Pervasive Personal Computing in an Internet Suspend/Resume System[J].IEEE Internet Computing,2010,11 (2):16-25.
  • 7Nakagawa Y,Hyoudou K.Automated Migration of Port Profile for Multi-level Switches[C]//Proc.of DCCaVES' 11.[S.l.]:IEEE Press,2011:22-29.
  • 8Nakagawa Y,Shimizu T.A Single-Chip,10-Gigabit Ethernet Switch LSI for Energy-efficient Blade Servers[C]//Proc.of GreenCom' 10.[S.l.]:IEEE Press,2010:404-411.
  • 9McKeown N,Anderson T.OpenFlow:Enabling Innovation in Campus Networks[C]//Proc.of SIGCOMM CCR' 08.[S.l.]:IEEE Press,2008:69-74.
  • 10Cisco.Nexus 3064 Switch Data Sheet[EB/OL].[2013-04-07].http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/data sheet c78-651097.html.

二级参考文献24

  • 1罗武庭.DJ—2可变矩形电子束曝光机的DMA驱动程序[J].LSI制造与测试,1989,10(4):20-26. 被引量:373
  • 2Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org/.
  • 3Distributed Management Task Force (DMTF) http://www.dmtf.org/home.
  • 4Cloud Security Alliance http://www.cloudsecurityalliance.org.
  • 5Crampton J, Martin K, Wild P. On key assignment for hierarchical access control. In: Guttan J, ed, Proc. of the 19th IEEE Computer Security Foundations Workshop--CSFW 2006. Venice: IEEE Computer Society Press, 2006. 5-7.
  • 6Damiani E, De S, Vimercati C, Foresti S, Jajodia S, Paraboschi S, Samarati P. An experimental evaluation of multi-key strategies for data outsourcing. In: Venter HS, Eloff MM, Labuschagne L, Eloff JHP, Solms RV, eds. New Approaches for Security, Privacy and Trust in Complex Environments, Proc. of the IFIP TC-11 22nd Int'l Information Security Conf. Sandton: Springer-Verlag, 2007. 395-396.
  • 7Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Shands D, ed. Proc. of the 2007 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society, 2007. 321-334. [doi: 10.1109/SP.2007.11].
  • 8Yu S, Ren K, Lou W, Li J. Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Bao F, ed. Proc. of the 5th Int'l Conf. on Security and Privacy in Communication Networks. Singapore: Springer-Verlag, http://www.linkpdf.com/ ebook-viewer.php?url=http://www.ualr.edu/sxyul/file/SecureCommO9_AFKP_ABE.pdf.
  • 9Ibraimi L, Petkovic M, Nikova S, Hartel P, Jonker W. Ciphertext-Policy attribute-based threshold decryption with flexible delegation and revocation of user attributes. Technical Report, Centre for Telematics and Information Technology, University of Twente, 2009.
  • 10Roy S, Chuah M. Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs. Technical Report, 2009.

共引文献1066

同被引文献76

引证文献16

二级引证文献33

计算机工程
2014年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部