摘要
网络访问控制技术是保障网络通信系统安全的主要技术之一,在传统数据中心、园区网和企业网得到普遍应用。虚拟化环境下,传统的基于交换机物理端口的网络访问控制技术很难对虚拟机网络访问进行有效控制。文章全面分析了虚拟化环境下导致传统网络访问控制技术失效的原因,并据此提出了面向虚拟化环境的网络访问控制系统框架VE-NAC,设计了适用于虚拟化环境的网络访问控制流程。该框架与802.1x协议兼容,不需要对认证客户端进行修改。文章在openstack虚拟化环境下对VE-NAC予以实现,并对VE-NAC原型系统进行了功能测试和延迟测试,验证了VE-NAC在虚拟化环境中实施网络访问控制的有效性和可行性。
Network access control technology is one of the main technologies to ensure the security of network communication systems.It is widely used in traditional data centers,campus networks and enterprise networks.However,in virtualized environment,traditional port-based network access control(PNAC)is difficult to effectively control virtual machine network access.This paper comprehensively analyzes the reasons of the failure of traditional network access control technology in virtualized environment,develops a network access control framework VE-NAC for virtualized environment,and designs the network access control process suitable for virtualized environment.VE-NAC is compatible with 802.1x protocol and does not need to modify the authentication client.This paper implements VE-NAC in openstack virtualization environment,and tests the functions and delay of VE-NAC prototype system,which verifies the validity and feasibility of VE-NAC implementing network access control in virtualization environment.
作者
时向泉
陶静
赵宝康
SHI Xiangquan;TAO Jing;ZHAO Baokang(College of Computer,National University of Defense Technology,Changsha Hunan 410073,China)
出处
《信息网络安全》
CSCD
北大核心
2019年第10期1-9,共9页
Netinfo Security
基金
国家自然科学基金[61601483]
国家重点研发计划[2017YFB0802300]
