
A virtual network architecture for private cloud based on Openflow

Cited by: 1
Abstract: The development of private clouds has exposed several problems, such as isolation between virtual servers, access control between users' operation platforms and virtual servers, and insider attacks. To address these problems, a virtual network architecture for private clouds based on Openflow is proposed. Combining VLAN technology with Openflow enforces isolation between virtual servers (or groups of virtual servers). Installing flows dynamically and on demand provides whitelist-style access control between users' operation platforms and virtual servers. Virtual machine cloning is used to build a dynamically responsive, elastic security infrastructure for responding to insider attacks. Experiments verify that this virtual network architecture balances availability, reliability and economy while also providing good security isolation.
Source: Journal of Beijing Jiaotong University (indexed in CAS, CSCD, Peking University Core), 2015, No. 5, pp. 15-21, 7 pages in total
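Funding: Program for New Century Excellent Talents (NCET-11-0565); Fundamental Research Funds for the Central Universities (2012JBZ010); Ministry of Education Innovative Research Team in University program (IRT201206); Ministry of Education Specialized Research Fund for the Doctoral Program of Higher Education (20120009110007)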
Keywords: security separation; private cloud; software defined network; access control

