软件定义安全模型与架构浅析

doi:10.11959/j.issn.1000-0801.2017074

Abstract

Abstract:

Currently,most enterprises have deployed information security defense system based on policy access control.With cloud computing environment deployment and network attacking technology development,security has been regarded as one of the greatest problems in the cloud computing environment.The advanced persistent attacks including of bypassing the traditional firewall easily,breaking through the black and white list and feature matching of the security defense mechanism have included to the traditional security system new challenges.The problem in the traditional tightly coupled security defense system of combining the virtual with the true for construction of network environments was described,and a software defined security model and framework was provided.The decoupling scheme of access patterns and deployment position in combining the virtual with the true for construction of network environments was realized,which provided a beneficial exploration in the field of the adaptive active safety for enterprise cloud computing environment.

Key words: access control, cloud computing, advanced persistent threat, software defined security, decoupled

CLC Number:

TP309

Chunmei GUO,Jun MA,Hao GUO,Xueyao BI,Ruhui ZHANG,Shaomin ZHU,Congyi YANG. Analysis of software defined security model and architecture[J]. Telecommunications Science, 2017, 33(6): 186-192.

Figures/Tables 4

References 5

[1]	刘文懋, 裘晓峰, 陈鹏程 ,等. 面向 SDN 环境的软件定义安全架构[J]. 计算机科学与探索, 2015,9(1): 63-70.
	LIU W M , QIU X F , CHEN P C ,et al. SDN oriented software-defined security architecture[J]. Journal of Frontiers of Computer Science and Technology, 2015,9(1): 63-70.
[2]	裘晓峰, 赵粮, 高腾 . VSA和SDS:两种SDN网络安全架构的研究[J]. 小型微型计算机系统, 2013,34(10): 2299-2303.
	QIU X F , ZHAO L , GAO T . VSA and SDS:two security architectures in SDN[J]. Journal of Chinese Computer Systems, 2013,34(10): 2299-2303.
[3]	左青云, 陈鸣, 赵广松 ,等. 基于OpenFlow的SDN技术研究[J]. 软件学报, 2013,24(5): 1078-1097.
	ZUO Q Y , CHEN M , ZHAO G S ,et al. Research on OpenFlow-based SDN technologies[J]. Journal of Software, 2013,24(5): 1078-1097.
[4]	李陟, 李小爽 . 通过虚拟导流突破云环境安全部署问题[J]. 邮电设计技术, 2016,10(1): 45-49.
	LI Z , LI X S . Through the virtual diversion to break through the cloud environment safety deployment issues[J]. Designing Techniques of Posts and Telecommunications, 2016,10(1): 45-49.
[5]	林萍萍, 毕军, 胡虹雨 ,等. 一种面向 SDN 域内控制平面可扩展性的机制[J]. 小型微型计算机系统, 2013,34(9): 1980-1983.
	LIN P P , BI J , HU H Y ,et al. MSDN:a mechanism for scalable intra-domain control plane in SDN[J]. Journal of Chinese Computer Systems, 2013,34(9): 1980-1983.

Metrics

Recommended 0

No Suggested Reading articles found!

[1]	Xue HAN. Damage toughness assessment method of power backbone communication network based on power big data [J]. Telecommunications Science, 2023, 39(5): 136-143.
[2]	Jiangxing WU. Revolution of the development paradigm of network technology system—network of networks [J]. Telecommunications Science, 2022, 38(6): 3-12.
[3]	Wenjuan XING, Bo LEI, Qianying ZHAO. Development status and trend prospect of computing power infrastructure [J]. Telecommunications Science, 2022, 38(6): 51-61.
[4]	Pingke DENG, Tongxu ZHANG, Nanxiang SHI, Tong ZHANG, Tianzhu SHAO, Shaowen ZHENG. Computing satellite networks—the novel development of computing-empowered space-air-ground integrated networks [J]. Telecommunications Science, 2022, 38(6): 71-81.
[5]	Kun MA, Lingyu XU, Xiaoping SHEN, Zhicheng GONG, Jianping LAN, Shuangxi CHEN, Jun QIAN. Virtual machine scheduling model based on Shapley value modified genetic algorithm in cloud computing [J]. Telecommunications Science, 2022, 38(12): 1-10.
[6]	Zhiyong LIU, Zhongjiang HE, Yilong RUAN, Junfeng SHAN, Chao ZHANG. Big data security features and operation practices [J]. Telecommunications Science, 2021, 37(5): 160-169.
[7]	Jian XU,Li JIN. A quantifiable cloud computing platform security evaluation model [J]. Telecommunications Science, 2020, 36(7): 163-167.
[8]	Wei DING. Network security threat prevention and control system of electric power monitoring systems for wind farm [J]. Telecommunications Science, 2020, 36(5): 138-144.
[9]	Sining LUO,Hualong WANG,Hongyu LI,Wei PENG. Improved ant colony algorithm based cloud computing user task scheduling algorithm [J]. Telecommunications Science, 2020, 36(2): 95-100.
[10]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[11]	Mengyao LU,Hongyu TANG,Wei TANG,Jian ZHANG. Adaptive security architecture defense platform based on software defined security [J]. Telecommunications Science, 2020, 36(12): 133-138.
[12]	Bo LEI, Zengyi LIU, Xuliang WANG, Mingchuan ·ANG, ·unqing CHEN. Computing network:a new multi-access edge computing [J]. Telecommunications Science, 2019, 35(9): 44-51.
[13]	Yongmei GAO,Guanjie CHENG. Data-intensive service deployment based on edge computing [J]. Telecommunications Science, 2019, 35(7): 87-99.
[14]	Zelin LU,Qiangzhi LI. Evolutionary logic and operational mechanism of E-commerce platform [J]. Telecommunications Science, 2019, 35(7): 152-158.
[15]	Zhilan HUANG,Yongbing FAN,Ning FAN,Nan CHEN,Linze WU,Baohong LIN. Solution and key technology of integrating vFW in cloud platform [J]. Telecommunications Science, 2019, 35(5): 140-148.

Analysis of software defined security model and architecture

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 5

Related Articles 15

Metrics

Recommended 0