AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (10.7 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Research and Practice of Dynamic Network Security Architecture for IaaS Platforms

College of Computer Science, Sichuan University, Chengdu 610065, China.
Show Author Information

Abstract

Network security requirements based on virtual network technologies in IaaS platforms and corresponding solutions were reviewed. A dynamic network security architecture was proposed, which was built on the technologies of software defined networking, Virtual Machine (VM) traffic redirection, network policy unified management, software defined isolation networks, vulnerability scanning, and software updates. The proposed architecture was able to obtain the capacity for detection and access control for VM traffic by redirecting it to configurable security appliances, and ensured the effectiveness of network policies in the total life cycle of the VM by configuring the policies to the right place at the appropriate time, according to the impacts of VM state transitions. The virtual isolation domains for tenants’ VMs could be built flexibly based on VLAN policies or Netfilter/Iptables firewall appliances, and vulnerability scanning as a service and software update as a service were both provided as security supports. Through cooperation with IDS appliances and automatic alarm mechanisms, the proposed architecture could dynamically mitigate a wide range of network-based attacks. The experimental results demonstrate the effectiveness of the proposed architecture.

References

【1】
【1】
 
 
Tsinghua Science and Technology
Pages 496-507

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Chen L, Chen X, Jiang J, et al. Research and Practice of Dynamic Network Security Architecture for IaaS Platforms. Tsinghua Science and Technology, 2014, 19(5): 496-507. https://doi.org/10.1109/TST.2014.6919826

914

Views

84

Downloads

4

Crossref

N/A

Web of Science

8

Scopus

0

CSCD

Received: 15 July 2014
Revised: 15 August 2014
Accepted: 20 August 2014
Published: 13 October 2014
© The Author(s) 2014