Abstract
Starting from the security inspection requirements of cross-network switching systems, this paper analyzes current cross-network security inspection methods and proposes a new cross-network security resource service architecture. The architecture uses security function resource pooling to design the security function interface, the service-oriented encapsulation of security functions, and service-oriented access to security resources. Using security service orchestration, it can provide efficient, flexible and orchestratable security services according to the security requirements of the cross-network switching system. The paper also proposes a method for constructing security function chains that can be adjusted dynamically and can perform checks in parallel. The cross-network security resource service architecture can not only support the security function capabilities that future cross-network switching systems will require, but also provide better security service support and assurance for other information systems.
Authors
CHENG Yong-xin (程永新)
LIAO Jun-kai (廖竣锴)
FU Jiang (付江)
ZHANG Jian-hui (张建辉)
Affiliations: No.30 Institute of CETC, Chengdu Sichuan 610041, China; China Cyber Security, Chengdu Sichuan 610041, China
Source
Communications Technology (《通信技术》)
2019, Issue 11, pp. 2765-2769 (5 pages)
Keywords
cross-network switching
security function
resource pooling
service orchestration