摘要
针对拟态云系统中代理的安全威胁和单点故障问题,提出一种主备监视的高可用拟态云代理实现方法。首先,在云环境分布式代理基础之上,提出一种主备用监视机制来构建异构的主备代理,备用代理通过镜像流方式分析到达主用代理的流量,并对主用代理输出结果进行交叉验证;其次,基于数据平面开发套件(DPDK)平台设计备用代理的同步裁决机制和无缝的主备切换机制,实现云代理的安全加固与性能优化;最后,提出一种主备切换判决算法以避免主备频繁切换造成的资源浪费。实验结果分析表明,该拟态云代理相较于基于Nginx的云代理,在高并发下的流量处理时延损耗为毫秒级。可见该设计能够大幅提升云代理的安全性和稳定性,减少单点故障对代理稳定性造成的影响。
Aiming at the security threats and single point of failure of the agent in mimic cloud systems,a high-available mimic cloud agent with active-standby monitoring was proposed.Firstly,an active-standby monitoring mechanism based on distributed agents in the cloud environment was proposed to construct heterogeneous active-standby agents.The traffic to the active agent was analyzed by the standby agent through mirroring the traffic,and the output results of the active agent were cross-validated by the standby agent.Secondly,based on the Data Plane Development Kit(DPDK)platform,a synchronous adjudication mechanism for standby agents and a seamless active-standby switching mechanism were designed to achieve security reinforcement and performance optimization of cloud agents.Finally,an active-standby switching decision algorithm was proposed to avoid the waste of resources caused by frequent active/standby switching.Experimental results showed that compared with the traffic processing delay of Nginx based cloud agents,the loss of this mimic cloud agent was milliseconds under high concurrency.It can be seen that the designed method can greatly improve the security and stability of the cloud proxy,and reduce the impact of the single point of failure on the stability of the proxy.
作者
郭乔羽
陈福才
程国振
曾威
肖玉强
GUO Qiaoyu;CHEN Fucai;CHENG Guozhen;ZENG Wei;XIAO Yuqiang(National Digital Switching System Engineering and Technology Research Center,Zhengzhou Henan 450002,China)
出处
《计算机应用》
CSCD
北大核心
2022年第6期1932-1940,共9页
journal of Computer Applications
基金
国家自然科学基金资助项目(62072467,62002383)。
关键词
拟态防御
云代理
主备监视
交叉验证
拟态云系统
mimic defense
cloud agent
active-standby monitoring
cross validation
mimic cloud system
