Conference proceedings: Computer security

SDN-Enabled Virtual Data Diode


Abstract

The growing number of cyber-attacks targeting critical infrastructures, as well as the effort to ensure compliance with security standards (e.g. Common Criteria certifications), has pushed for Industrial Automation Control Systems to move away from the use of conventional firewalls in favor of hardware-enforced strict unidirectional gateways (data diodes). However, with the expected increase in the number of interconnected devices, the sole use of data diodes for network isolation may become financially impractical for some infrastructure operators. This paper proposes an alternative, designed to leverage the benefits of Software Defined Networking (SDN) to virtualize the data diode. Besides presenting the proposed approach, a review of data diode products is also provided, along with an overview of multiple SDN-based strategies designed to emulate the same functionality. The proposed solution was evaluated by means of a prototype implementation built on top of a distributed SDN controller and designed for multi-tenant network environments. This prototype, which was developed with a focus on performance and availability quality attributes, is able to deploy a virtual data diode in the millisecond range while keeping the latency of the data plane to minimal values.
