摘要
随着云计算的发展,越来越多的传统应用迁移到云上,传统防御体系面对高度灵活的云服务,逐渐左支右绌,疲于应对。围绕云服务安全问题,结合云数据中心的现状,提出多层次细粒度的软件定义防御体系,支撑云服务用户安全弹性定制以及防御策略动态部署。在此体系架构下,进一步提出虚拟化防火墙设计,在数据平面上建立安全插件机制,为云服务用户的流量清洗等逻辑提供高速网络环境。实验结果证明了该体系的技术可行性,并且虚拟化防火墙设计能够满足高性能防御的需求。
With the development of cloud computing,more and more traditional applications are migrated to the cloud.Traditional defense systems are increasingly difficult to adapt to highly flexible cloud services.Around cloud service security,considering the development status of cloud data center,this paper proposes a multi-level,fine-grained software defined defense system to support flexible security customization as well as dynamic deployment of defense strategies.Under this architecture,the design of the virtualized firewall is further proposed,and a security plug-in mechanism is established in the data plane to provide high-speed network environment for cloud service users’traffic cleaning and other logic.The experimental results demonstrate the software defined defense system is technically feasible and the virtualized firewall design fulfills the needs of high-performance defense.
作者
胡卫宏
叶崛宇
闫夏莉
岳巧丽
张海阔
Hu Weihong;Ye Jueyu;Yan Xiali;Yue Qiaoli;Zhang Haikuo(China Internet Network Information Center,Beijing 100190,China)
出处
《计算机应用与软件》
北大核心
2020年第10期307-312,共6页
Computer Applications and Software
基金
国家自然科学基金项目(61303242)。
关键词
云计算
软件定义防御
虚拟化防火墙
数据平面
Cloud computing
Software defined defense
Virtualized firewall
Data plane
