Xiang Wang, Zhi Liu, Jun Li, Baohua Yang, Yaxuan Qi
2014 23rd International Conference on Computer Communication and Networks (ICCCN), published 2014-09-29. DOI: https://doi.org/10.1109/ICCCN.2014.6911782
Tualatin: Towards network security service provision in cloud datacenters
Multi-tenant infrastructures deployed in cloud datacenters need network security protection. However, the rigid control mechanism of current security middleboxes induces inflexible orchestration, limiting agile and on-demand security provision in virtualized datacenters. This paper presents Tualatin, a consolidated framework for delivering security services in multi-tenant datacenters. It meets the security requirements of different scenarios by hardware and software co-design. Leveraging Software-Defined Networking (SDN) and OpenFlow techniques, Tualatin provides fine-grained security protection in dynamically changing network topologies, where both switches and security middleboxes are programmatically controlled by logically centralized controllers. With service-level APIs exposed, Tualatin could be easily integrated with other Cloud Management Systems (CMS). A proof-of-concept system has been deployed in a Tier-IV datacenter, providing customizable network security services for tenant Virtual Private Cloud (VPC) infrastructure.