面向云服务的混合防火墙技术研究
|
摘要
对于网络服务以及应用,防火墙是第一道防线.尽管通过现有的方法能够显著增强系统的安全性,但很多研究也证明了传统防火墙的局限性.随着虚拟化和云计算的出现,基于网络的服务呈现爆炸式的增长.面向云服务,利用无固有边界的虚拟化的云来构建虚拟防火墙,存在安全性与可靠性无法有效控制的问题.这将导致用户无法正常使用这些云服务,本文提出了一种有效的混合架构来权衡云防火墙的性能与可靠性.该混合架构由物理部分和虚拟部分共同构成,采用虚拟的方法实现了物理防火墙的基本功能,同时保障了云计算节点间的高性能合作,增强防火墙的计算能力.提出的架构通过仿真实验部署,结果表明,基于云计算的混合防火墙机制有效的改善了传统防火墙的计算能力.
Firewalls are the first defense line for the networking services and applications. With the advent of virtualization and Cloud Computing,the explosive growth of network-based services,investigations have emphasized the limitations of conventional firewalls. However,despite being impressively significant to improve security,cloud-based firewalling approaches still experience severe performance and reliability issues that can lead to non-use of these services by companies.Hence,our work presents an efficient architecture to manage performance and reliability on a hybrid cloud-based firewalling service. Being composed of a physical and a virtual part,the architecture follows an approach that supports and complements basic physical firewall functionalities with virtual ones.The architecture was deployed and the experimental results show that the proposed approach improves the computational power of traditional firewall with the support of cloud-based firewalling service.
Firewalls are the first defense line for the networking services and applications. With the advent of virtualization and Cloud Computing,the explosive growth of network-based services,investigations have emphasized the limitations of conventional firewalls. However,despite being impressively significant to improve security,cloud-based firewalling approaches still experience severe performance and reliability issues that can lead to non-use of these services by companies.Hence,our work presents an efficient architecture to manage performance and reliability on a hybrid cloud-based firewalling service. Being composed of a physical and a virtual part,the architecture follows an approach that supports and complements basic physical firewall functionalities with virtual ones.The architecture was deployed and the experimental results show that the proposed approach improves the computational power of traditional firewall with the support of cloud-based firewalling service.
引文
[1]崔竞松,郭迟,陈龙,等.创建软件定义网络中的进程级纵深防御体系结构[J].软件学报,2014(10):2251-2265.
[2]曹立铭,赵逢禹.私有云平台上的虚拟机进程安全检测[J].计算机应用研究,2013,30(5):1495-1499.
[3]马永红,高洁.基于嵌入式马尔可夫链的网络防火墙性能建模与分析[J].计算机应用研究,2014,31(5):1491-1498.
[4]邵国林,陈兴蜀,尹学渊,等.基于Open Flow的虚拟机流量检测系统的设计与实现[J].计算机应用,2014,34(4):1034-1041.
[5]侯整风,庞有祥.多核防火墙分层内容过滤的时延分析[J].计算机工程与应用,2011,47(12):93-96.
[6]王欢,李战怀,张晓,等.支持连续数据保护的云备份系统架构设计[J].计算机工程与应用,2012,48(1):90-93.
[7]秦拯,欧露,张大方,等.高吞吐量协作防火墙的双向去冗余方法[J].湖南大学学报(自然科学版),2013,40(1):93-97.
[8]孔红山,唐俊,张明清,等.基于SITL的网络攻防仿真平台的设计与实现[J].计算机应用研究,2011,28(7):2715-2718.
[9]陈冬雨.思科开启“云”防火墙时代[J].计算机安全,2010(1):91.
[10]荀仲恺,黄皓,金胤丞,等.基于SR-IOV的虚拟机防火墙设计与实现[J].计算机工程,2014(5):154-157.
[2]曹立铭,赵逢禹.私有云平台上的虚拟机进程安全检测[J].计算机应用研究,2013,30(5):1495-1499.
[3]马永红,高洁.基于嵌入式马尔可夫链的网络防火墙性能建模与分析[J].计算机应用研究,2014,31(5):1491-1498.
[4]邵国林,陈兴蜀,尹学渊,等.基于Open Flow的虚拟机流量检测系统的设计与实现[J].计算机应用,2014,34(4):1034-1041.
[5]侯整风,庞有祥.多核防火墙分层内容过滤的时延分析[J].计算机工程与应用,2011,47(12):93-96.
[6]王欢,李战怀,张晓,等.支持连续数据保护的云备份系统架构设计[J].计算机工程与应用,2012,48(1):90-93.
[7]秦拯,欧露,张大方,等.高吞吐量协作防火墙的双向去冗余方法[J].湖南大学学报(自然科学版),2013,40(1):93-97.
[8]孔红山,唐俊,张明清,等.基于SITL的网络攻防仿真平台的设计与实现[J].计算机应用研究,2011,28(7):2715-2718.
[9]陈冬雨.思科开启“云”防火墙时代[J].计算机安全,2010(1):91.
[10]荀仲恺,黄皓,金胤丞,等.基于SR-IOV的虚拟机防火墙设计与实现[J].计算机工程,2014(5):154-157.