Research Of Security Management System For Virtual Networks Laboratory Based On B/S Mode

Virtual Lab, breaking the traditional laboratories' limits and reducing the investment in laboratory equipment and the heavy burden of laboratory management, has been widely applied in many fields recently. According to the requirements of SHERNET, the virtual networks laboratory based on B/S mode, an integrated system composed of virtual experiments and security management, is researched and developed by our group.In order to ensure the virtual networks laboratory against various threats on the Internet, a set of effective security mechanism must be established. In addition, the virtual networks laboratory must provide not only plentiful experiments but also management function, such as experiment teaching and evaluation, as it is a wonderful substitute for real networks lab. Therefore, a comprehensive security management system is necessary for virtual lab. The security management system for the virtual networks laboratory, which can be used for similar online-labs, includes the framework of online-lab, access control, security of the virtual experiment, database security and user interaction, virtual lab security, daily maintenance, and etc.Firstly, on the basis of the three-layer-structure in B/S mode, the framework and function of the virtual networks laboratory are planned; the mechanisms and processes of the security management system are designed; the security management platform has been build up. In this paper, the user authentication mechanism and the authority management strategy are carried out based on RBAC method, so as to solve the system access and the authority isolation problems effectively. Moreover, the real-time storage function of online networks experiments is proposed and implemented originally, which improves reliability and security of the virtual experiment. Under the guidance of the theory of relational databases, the system database is eligible for data integrity and availability, and the user interaction platform is accomplished with the help of data security control measures. In particular, the defense model against app-DDoS based on the traffic statistics is devised to monitor and control traffic for the purpose of preventing malicious access. Besides, a variety of networks security measures and the server security strategy are adopted to guarantee virtual lab security.At present, supported by the security management system, the virtual network laboratory has been put into use in the computer networks course with good condition. Finally, the summary and the prospect are made in this paper.