The Research On Firewall Policy In Cloud Environment Conflict Detecting And Resolving

Posted on: 2014-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: Q Xiao
Full Text: PDF
GTID: 2268330425483899
Subject: Computer Science and Technology
Abstract/Summary:
Cloud computing is a service-centered, Internet-based model of using computing resources; it usually involves virtualized resources that are provided over the Internet and are easily and dynamically scalable. It is regarded as the next revolution of the technology industry and will bring a fundamental change in working methods and business models. Because cloud computing shares resources, security is an important obstacle to its development. As an important mechanism for protecting network security, the firewall is an indispensable security component of a network system; it uses rule-based filtering to protect the network from unauthorized access. In a cloud computing environment, however, firewall policy comes from a large number of participating users, which makes it complex and extensive; conflicts among policies inevitably occur and threaten the security of the cloud. Therefore, for different types of cloud computing environment, this paper proposes automated methods for detecting and resolving firewall policy conflicts, in order to maintain network security in cloud computing.

First, for a small cloud computing environment, this paper proposes a simple algorithm based on the Quicksort algorithm to resolve policy conflicts. For the segments generated by rule-based segmentation, it handles each conflicting segment with a custom function that combines Specificity-overrides with High-majority-overrides to obtain the action constraint. To avoid the situation in which too many rules cause the firewall's filtering to malfunction, it sorts all the segments with a custom algorithm based on QuickSort and then transforms all the segments back into rule form to replace the original rules.

Second, for a large-scale cloud computing environment, this paper proposes a parallel resolving algorithm based on the MapReduce model, to reduce the time spent on firewall policy detection and adjustment while a virtual machine is being deployed. It handles conflicting segments with risk-based conflict resolution to obtain the action constraint. Relying on the rich resources of the cloud computing environment, it sorts all the segments with a custom MapReduce-based algorithm and then transforms them back into rule form to replace the original rules.

Through experiment and simulation, this paper shows that the algorithm is practical and that the time spent on conflict resolving is far less than that of the existing algorithm. The conflict resolving algorithm in this paper can resolve close to 100% of the conflicts in firewall policies. The ordered rules also make subsequent packet filtering more time-saving.
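An added illustration, not code from the thesis: rule-based segmentation and conflict resolution over a single packet field, rewriting the policy as ordered, disjoint rules. Assumptions: specificity is applied before majority, an even split falls back to deny, and Python's built-in sort stands in for the thesis's QuickSort-based sort; `RULES` and all function names are hypothetical.

```python
from collections import Counter

# Constructed sample policy: (name, low, high, action) over a single packet
# field (a destination port here). Real firewall rules span several fields.
RULES = [
    ("r1", 0, 1023, "deny"),
    ("r2", 80, 80, "allow"),
    ("r3", 0, 65535, "allow"),
    ("r4", 8000, 8080, "allow"),
    ("r5", 8000, 8080, "deny"),
]

def segment(rules):
    """Cut the field space into disjoint segments, each with the rules covering it."""
    cuts = sorted({r[1] for r in rules} | {r[2] + 1 for r in rules})
    segs = []
    for lo, nxt in zip(cuts, cuts[1:]):
        cover = [r for r in rules if r[1] <= lo and nxt - 1 <= r[2]]
        if cover:
            segs.append((lo, nxt - 1, cover))
    return segs

def resolve(cover):
    """Return (action, was_conflicting) for one segment."""
    actions = {r[3] for r in cover}
    if len(actions) == 1:
        return actions.pop(), False
    # Specificity-overrides: the narrowest covering rule decides.
    narrowest = min(r[2] - r[1] for r in cover)
    best = {r[3] for r in cover if r[2] - r[1] == narrowest}
    if len(best) == 1:
        return best.pop(), True
    # High-majority-overrides as tie-break; an even split falls back to
    # deny (assumed default, not taken from the thesis).
    (a1, n1), (_, n2) = Counter(r[3] for r in cover).most_common(2)
    return (a1 if n1 > n2 else "deny"), True

def rewrite(rules):
    """Replace the policy with ordered, disjoint, conflict-free rules."""
    out = []
    for lo, hi, cover in segment(rules):
        action, _ = resolve(cover)
        if out and out[-1][2] == action and out[-1][1] + 1 == lo:
            out[-1] = (out[-1][0], hi, action)  # merge adjacent same-action segments
        else:
            out.append((lo, hi, action))
    return out
```

Because the rewritten rules are disjoint, a packet matches at most one of them, so the filtering result no longer depends on rule order.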
Keywords/Search Tags:Cloud Computing, Network Security, Firewall, Rule Conflict, Segment