
Collaborative Network Security in Multi-Tenant Data Center for Cloud Computing
Authors: Zhen Chen, Wenyu Dong, Hang Li, Peng Zhang, Xinming Chen, and Junwei Cao
Affiliations: [1]Junwei Cao are with Research Institute of Information Technology and Tsinghua National Lab for Information Science and Technology, Tsinghua University, Beijing 100084, China. [2]Wenyu Dong is with the Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China. [3]Department of Computer Science and Technology, PLA Univ. of Info. & Eng., Zhengzhou 450001, China. [4]Department of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, China. [5]Department of Electrical and Computer Engineering, University of Massachusetts, MA 01003, USA.

Keywords: data center; network security; computing; collaboration; application sharing; infrastructure; prototype system; physical network

Zhen Chen, Wenyu Dong, Hang Li, Peng Zhang, Xinming Chen, and Junwei Cao. Collaborative Network Security in Multi-Tenant Data Center for Cloud Computing[J]. Tsinghua Science and Technology, 2014(1): 82-94.
Abstract: A data center is an infrastructure that supports Internet service. Cloud computing is rapidly changing the face of the Internet service infrastructure, enabling even small organizations to quickly build Web and mobile applications for millions of users by taking advantage of the scale and flexibility of shared physical infrastructures provided by cloud computing. In this scenario, multiple tenants save their data and applications in shared data centers, blurring the network boundaries between each tenant in the cloud. In addition, different tenants have different security requirements, while different security policies are necessary for different tenants. Network virtualization is used to meet a diverse set of tenant-specific requirements with the underlying physical network, enabling multi-tenant datacenters to automatically address a large and diverse set of tenants' requirements. In this paper, we propose the system implementation of vCNSMS, a collaborative network security prototype system used in a multi-tenant data center. We demonstrate vCNSMS with a centralized collaborative scheme and deep packet inspection with an open source UTM system. A security level based protection policy is proposed for simplifying the security rule management for vCNSMS. Different security levels have different packet inspection schemes and are enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for intelligence flow processing to protect from possible network attacks inside a data center network.
Keywords: data center network; network security; software defined network; collaborative network security; multi-tenant; network virtualization; intelligent flow processing; cloud computing
This article is indexed by CNKI, VIP (维普) and other databases.