Journal: Computer networks

A lightweight policy enforcement system for resource protection and management in the SDN-based cloud


Abstract

SDN-based cloud adopts Software-defined Networking (SDN) to provide network services to the cloud, which allows more flexibility in network management. Meanwhile, the SDN controller provides users and administrators with various APIs to access and manage network resources. However, unauthorized requests, which are either sent from unregistered users or contain malicious operations, cannot be completely defended. Moreover, the correctness of network configuration in the SDN-based cloud cannot be guaranteed. In this paper, we propose SDNKeeper, a generic and fine-grained policy enforcement system for the SDN-based cloud, which can defend against unauthorized attacks and avoid network resource misconfiguration. Besides, a policy language is designed for administrators to define policies based on the attributes of the requester, resource, and environment. These policies will take effect when there are requests accessing the SDN controller via Northbound Interface (NBI). Specifically, SDNKeeper can block unauthorized network access requests outside the controller to protect the resources inside. Compared to other traditional policy-based access control systems, SDNKeeper is application-transparent and lightweight, which makes it easy to implement, deploy, and reconfigure at runtime. Based on the correctness proof of system design and the prototype implementation and evaluation, we conclude that SDNKeeper achieves accurate and efficient access control with insignificant throughput degradation and computational overhead. © 2019 Elsevier B.V. All rights reserved.