Abstract
The development of private clouds has exposed several problems, such as isolation between virtual servers, access control between users' operation platforms and virtual servers, and insider attacks. To address these problems, a virtual network architecture for private clouds based on OpenFlow is proposed. Combining VLAN technology with OpenFlow enforces isolation between virtual servers (or groups of virtual servers). Installing flows dynamically and on demand provides whitelist-style access control between users' operation platforms and virtual servers. Virtual machine cloning is used to build a dynamically responding, elastic security infrastructure that counters insider attacks. Experiments verify that this virtual network architecture balances availability, reliability and economy while also providing good security isolation.
Source
Journal of Beijing Jiaotong University
CAS
CSCD
Peking University Core Journal
2015, Issue 5, pp. 15-21 (7 pages)
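Funding
Program for New Century Excellent Talents in University (NCET-11-0565)
Fundamental Research Funds for the Central Universities (2012JBZ010)
Ministry of Education Program for Innovative Research Teams in University (IRT201206)
Ministry of Education Specialized Research Fund for the Doctoral Program of Higher Education (20120009110007)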
Keywords
security separation
private cloud
software defined network
access control