nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.01.2016

NetSecCC: A scalable and fault-tolerant architecture for cloud computing security

verfasst von: Jin He, Mianxiong Dong, Kaoru Ota, Minyu Fan, Guangwei Wang

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

How to ensure network security for modern virtual machine based cloud computing platforms is still an open question. This question becomes more important and urgent to solve, as the fast development of cloud computing in recent years. Though there are many existing solutions, they either provide incomplete protection or neglect important intrinsic characteristics in cloud computing. In this paper, we introduce a novel network security architecture for cloud computing (NetSecCC) considering characteristics of cloud computing. Specifically, it 1) provides protection to both external and interne traffics in cloud computing, 2) attains flexible scalability with respect to virtual middlebox load, and 3) achieves fault-tolerant among virtual middlebox failure. Experiments and simulations on our proof-of-concept prototype of NetSecCC validate that NetSecCC is an effective architecture with minimal performance overhead, and that it can be applied to extensive practical promotion in cloud computing.

Vorheriger Artikel Immersive voice communication for massively multiplayer online games

Nächster Artikel Security analysis and enhancements of an improved authentication for session initiation protocol with provable security

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Cully B, Lefebvre G, Meyer D, Feeley M, Hutchinson N, Remus A W (2008) High availability via asynchronous virtual machine replication. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, pp 161–174. San Francisco

Dong M, Ota K, He L, Suguo D, Zhu H, Guo S (2013) Rendezvous: towards fast event detecting in wireless sensor and actor networks. Computing:1–16

Dong M, Ota K, Lin M, Tang Z, Suguo D, Zhu H (2014) Uav-assisted data gathering in wireless sensor networks. J Supercomput:1–14

Duncan AJ, Creese S, Goldsmith M (2012) Insider attacks in cloud computing. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, pp 857–862. IEEE

BIG-IP Configuring High Availability F5 Networks Inc. http://support.f5.com/kb/enus/products/big-ip_ltm/manuals/product/tmos_management_guide_10_0_0/tmos_high_avail.html

Fernandes DAB, Soares LFB, Gomes JV, Freire MM, Inácio PRM (2013) Security issues in cloud environments: a survey. Int J Inf Secur:1–58

IPFire. http://www.ipfire.org/

Joseph D, Stoica I (2008) Modeling middleboxes. Network, IEEE 22 (5):20–25CrossRef

Li H, Lin X, Yang H, X Liang, Lu R, Shen X (2013) Eppdr: An efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid. IEEE Trans Parallel Distrib Syst:1

10.

Li H, Rongxing L, Zhou L, Bo Y, Shen X (2013) An efficient merkle-tree-based authentication scheme for smart grid. Syst J IEEE:655–663

11.

McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J (2008) Openflow: enabling innovation in campus networks. ACM SIGCOMM Comput Commun Rev 38 (2):69–74CrossRef

12.

Mell P, Grance T (2011) The nist definition of cloud computing (draft). NIST Spec Publ 800 (145):7

13.

ModSecurity. http://www.modsecurity.org/

14.

Mohammed A, Sama S, Mohammed M (2012) Enhancing Network Security in Linux Environment, PhD thesis, Halmstad University

15.

NVD. http://nvd.nist.gov/

16.

AWS [Online]. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

17.

HackBar [Online]. https://addons.mozilla.org/en-us/firefox/addon/hackbar/

18.

IXIA [Online]. http://www.ixiacom.com/

19.

Nikto [Online]. http://www.netsecurity.com

20.

OpenSSL [Online]. http://www.openssl.org/

21.

SecaaS [Online]. https://cloudsecurityalliance.org/research/secaas/

22.

SQL Inject [Online]. https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/

23.

Tamper Data [Online]. https://addons.mozilla.org/en-us/firefox/addon/tamper-data/

24.

VMware [Online]. http://www.vmware.com/

25.

Zap [Online]. https://code.google.com/p/zaproxy/

26.

Apache HTTP Server Project[Online]. http://httpd.apache.org/

27.

McAfee SaaS Email Protection and Web Protection. http://www.mcafee.com/us/products/security-as-a-service/index.aspx

28.

Qazi ZA, Cheng-Chun T, Chiang L, Miao R, Sekar V, Minlan Y (2013) Simple-fying middlebox policy enforcement using sdn. In Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, pp 27–38, ACM

29.

Rajagopalan S, Williams D, Jamjoom H (2013) Pico replication: a high availability framework for middleboxes. In Proceedings of the 4th annual Symposium on Cloud Computing, pp 1, ACM

30.

Rajagopalan S, Williams D, Jamjoom H, Andrew W (2013) Split/merge: System support for elastic execution in virtual middleboxes. In Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation, pp 227–240, USENIX Association

31.

Khaled S, Jose MAC, Sherali Z, Sameera A-M, Mohammed A (2013) Using cloud computing to implement a security overlay network. IEEE Secur Priv 11 (1):44–53

32.

Sekar V, Egi N, Ratnasamy S, Reiter MK, Shi G (2012) Design and implementation of a consolidated middlebox architecture. In Proceedings NSDI

33.

Sekar V, Ratnasamy S, Reiter MK, Egi N, Shi G (2011) The middlebox manifesto: enabling innovation in middlebox deployment. In Proceedings of the 10th ACM Workshop on Hot Topics in Networks, pp 21, ACM

34.

Sherry J, Hasan S, Scott C, Krishnamurthy A, Ratnasamy S, Sekar V (2012) Making middleboxes someone else’s problem: Network processing as a cloud service. ACM SIGCOMM Comput Commun Rev 42 (4):13–24CrossRef

35.

SpamAssassin. http://spamassassin.apache.org/

36.

Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34 (1):1–11CrossRef

37.

Topilski N, Albrecht JR, Vahdat A (2008) Improving scalability and fault tolerance in an application management infrastructure. In LASCO

38.

High Availability Reference Guide Vyatta Inc. http://www.vyatta.com/downloads/documentation/VC6.5/Vyatta-HA_6.5R1_v01.pdf

39.

Wang Z, Chiachih W, Grace M, Jiang X (2012) Isolating commodity hosted hypervisors with hyperlock. In Proceedings of the 7th ACM european conference on Computer Systems, EuroSys ’12, pp 127–140. ACM, NY, USA

40.

Hanqian W, Yi D, Winer C, Li Y (2010) Network security for virtual machine in cloud computing. In Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, pp 18–21. IEEE

41.

Yue Wu, Noonan JP, Agaian S (2010) Binary data encryption using the sudoku block cipher. In Systems Man and Cybernetics (SMC), 2010 IEEE International Conference on, pp 3915–3921. IEEE

42.

Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Futur Gener Comput Syst 28 (3):583–592CrossRef

Titel: NetSecCC: A scalable and fault-tolerant architecture for cloud computing security
verfasst von: Jin He
Mianxiong Dong
Kaoru Ota
Minyu Fan
Guangwei Wang
Publikationsdatum: 01.01.2016
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 1/2016
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-014-0314-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2016

A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

Erratum to: A comprehensive study of the resource discovery techniques in Peer-to-Peer networks

An IP-TV P2P streaming system that improves the viewing quality and confines the startup delay of regular audience

Towards bandwidth-efficient keyword continuous query processing over DHTs

A free rider aware topological construction strategy for search in unstructured P2P networks

A channel-hopping scheme for continuous rendezvous and data delivery in cognitive radio network