面向服务的数据中心安全框架

doi:10.11959/j.issn.1000-0801.2018031

电信科学 ›› 2018, Vol. 34 ›› Issue (1): 8-16.doi: 10.11959/j.issn.1000-0801.2018031

面向服务的数据中心安全框架

胡腾¹,李观文²,周华春²

¹ 中国工程物理研究院计算机应用研究所，四川绵阳621900
² 北京交通大学电子信息工程学院，北京 100044

修回日期:2017-12-13 出版日期:2018-01-01 发布日期:2018-02-05
作者简介:胡腾（1988?），男，中国工程物理研究院计算机应用研究所工程师，主要研究方向为计算机技术与信息安全。|李观文（1992?），男，北京交通大学电子信息工程学院博士生，主要研究方向为软件定义网络与网络安全。|周华春（1965?），男，博士，北京交通大学电子信息工程学院教授、博士生导师，主要研究方向为移动互联网、网络安全与卫星网络。
基金资助:
NSAF联合基金资助项目(U1530118);国家自然科学基金资助项目(61271202);国防基础科研基金资助项目(JCKY2016212C005)

Service-oriented security framework for datacenter networks

Teng HU¹,Guanwen LI²,Huachun ZHOU²

¹ Institute of Computer Application,China Academy of Engineering Physics,Mianyang 621900,China
² School of Electronic and Information Engineering,Beijing Jiaotong University,Beijing 100044,China

Revised:2017-12-13 Online:2018-01-01 Published:2018-02-05
Supported by:
NSAF(U1530118);The National Natural Science Foundation of China(61271202);National Defense Basic Scientific Research Program of China(JCKY2016212C005)

摘要/Abstract

摘要：

随着数据中心网络在云计算领域的大规模商用，数据网络的安全问题愈发受到重视。然而，由于传统数据中心安全设备部署方式静态僵化，难以满足动态多变的网络安全态势，无法应对新的安全威胁。因此，提出一种面向服务的数据中心安全框架。基于虚拟化技术和软件定义网络，将虚拟化的安全功能灵活组合，并实现安全策略动态更新的过程。通过原型系统测试验证了所提安全框架的可行性和有效性，为数据中心网络的灵活性和安全性提升提供了一种解决方案。

关键词: 数据中心网络, 安全功能链, 安全策略部署

Abstract:

With the large-scale deployment of datacenters in cloud computing,there is an increasing attention to their security issues.However,with the ossify deployment of traditional security devices,it is hard to meet the requirements of dynamical network security situation and copy with new kinds of security threats.Therefore,a service-oriented security framework for datacenter networks was proposed,which was able to compose the virtualized security functions flexibly and update the security policies dynamically based on virtualization technology and software-defined networking.With the implementation of prototype,the feasibility and availability of the proposed security framework was proved,and a solution to promote the flexibility and security of datacenter networks was provided.

Key words: datacenter network, security function chaining, security policy deployment

中图分类号:

TP393

胡腾,李观文,周华春. 面向服务的数据中心安全框架[J]. 电信科学, 2018, 34(1): 8-16.

Teng HU,Guanwen LI,Huachun ZHOU. Service-oriented security framework for datacenter networks[J]. Telecommunications Science, 2018, 34(1): 8-16.

图/表 12

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

参考文献 22

[1]	Cisco. Cisco Data Center Security Study[R]. 2017.
[2]	韦乐平 . SDN的战略性思考[J]. 电信科学, 2015,31(1): 7-12.
	WEI L P . Strategic thinking on SDN[J]. Telecommunications Science, 2015,31(1): 7-12.
[3]	王歆平, 王茜, 刘恩慧 ,等. 基于 SDN 的按需智能路由系统研究与验证[J]. 电信科学, 2014,30(4): 8-14.
	WANG X P , WANG Q , LIU E H ,et al. Research and verification on SDN-based on-demand smart routing system[J]. Telecommunications Science, 2014,30(4): 8-14.
[4]	李丹, 刘方明, 郭得科 ,等. 软件定义的云数据中心网络基础理论与关键技术[J]. 电信科学, 2014,30(6): 48-59.
	LI D , LIU F M , GUO D K ,et al. Fundamental theory and key technology of software defined cloud data center network[J]. Telecommunications Science, 2014,30(6): 48-59.
[5]	HAN B , GOPALAKRISHNAN V , JI L ,et al. Network function virtualization:challenges and opportunities for innovations[J]. IEEE Communications Magazine, 2015,53(2): 90-97.
[6]	NICK M , TOM A , HARI B ,et al. OpenFlow:enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008,38(2): 69-74.
[7]	CHUNG C J , XING T , HUANG D ,et al. SeReNe:on establishing secure and resilient networking services for an SDN-based multi-tenant datacenter environment[C]// IEEE International Conference on Dependable Systems and Networks Workshops,June 22-25,2015,Rio de Janeiro,Brazil. Piscataway:IEEE Press, 2015.
[8]	AMMAR M , RIZK M , ABDEL-HAMID A ,et al. A framework for security enhancement in SDN-based datacenters[C]// 2016 8th IFIP International Conference on New Technologies,Mobility and Security,November 21-23,2016,Larnaca,Cyprus. Piscataway:IEEE Press, 2016.
[9]	JOEL H , CARLOS P Service function chaining,RFC Editor,October 2015[R/OL].(2015-10-01)[2017-11-14]. .
[10]	KUMAR S , TUFAIL M , MAJEE S ,et al. Service function chaining use cases in data centers.Internet-Draft draft-ietf- sfcdc-use-cases-06[RB/OL].(2017-01-01)[2017-11-14]. .
[11]	LEIVADEAS A , FALKNER M , LAMBADARIS I ,et al. Resource management and orchestration for a dynamic service chain steering model[C]// IEEE Global Communications Conference,December 4-8,2016,Washington,DC,USA. Piscataway:IEEE Press, 2016.
[12]	WANG X , LIU Z , LI J ,et al. Tualatin:towards network security service provision in cloud datacenters[C]// 2014 3rd International Conference on Computer Communication and Networks,August 4-7,2014,Shanghai,China. Piscataway:IEEE Press, 2016.
[13]	KUMAR D , TUFAIL E , MAJEE L ,et al. Framework for interface to network security functions.Internet-Draft draftietf-i2nsf-framework-08,IETF Secretariat,October 2017[R/OL].(2017-10-10)[2017-11-10]. .
[14]	OpenDaylight SFC project[EB/OL].(2016-10-21)[2017-11-10]. .
[15]	Docker[EB/OL].(2017-01-01)[2017-11-10]. .
[16]	Open vSwitch[EB/OL].(2016-01-01)[2017-11-10]. .
[17]	Redis[EB/OL].(2017-01-01)[2017-11-10]. .
[18]	Openstack[EB/OL].(2017-01-01)[2017-11-10]. .
[19]	Iptables[EB/OL].(2014-01-01)[2017-11-10]. .
[20]	Snort[EB/OL].(2017-01-01)[2017-11-10]. .
[21]	PAUL Q , URI E , CARLOS P ,et al. Network service header (NSH):Internet-Draft draft-ietf-sfc-nsh-28[EB/OL].(2017-11-03)[2017-11-10]. .
[22]	Conf D[EB/OL].(2017-01-01)[2017-11-10]. .

面向服务的数据中心安全框架

Service-oriented security framework for datacenter networks

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 22

相关文章 6

Metrics

推荐阅读 0

[1]	高凯辉, 李丹. 数据中心网络性能保障研究综述[J]. 电信科学, 2023, 39(6): 1-21.
[2]	马腾,胡宇翔. 一种数据中心网络虚拟机快速在线迁移算法[J]. 电信科学, 2017, 33(6): 64-72.
[3]	邢宁哲,吴舜,万莹,周亚东,胡成臣,赵泓博,刘伟昌. SDN技术在电力企业数据中心应用的探索与研究[J]. 电信科学, 2015, 31(5): 158-164.
[4]	樊自甫,伍春玲,王金红. 基于SDN架构的数据中心网络路由算法需求分析[J]. 电信科学, 2015, 31(2): 36-45.
[5]	李丹,刘方明,郭得科,何源,黄小猛. 软件定义的云数据中心网络基础理论与关键技术[J]. 电信科学, 2014, 30(6): 48-59.
[6]	罗萱,叶通,金耀辉. 云计算数据中心网络研究综述[J]. 电信科学, 2014, 30(2): 99-104.