The Design And Implementation Of Security Service Orchestration System Based On Software Defined Security

This paper designs and implements a security orchestration system based on SDS using SDN / NFV technology, which aims at achieving the security automation of the cloud computing center, in order to distribute the resources of the virtual security device rationally,and make the cloud security services more automatic, efficent and intelligent. From the point of view of the project implementation, the security orchestration system implemented in this paper has been tried to be used inside the company. The system components, including security controller, appstore and virtual security devices' management platform, have been commercialized or used in the company project.Firstly,the paper expatiates the significance of this issue through introducing the perspective of the background. Secondly, the core technologies used in this paper are introduced,including software-defined security technology, SDN network technology, NFV technology and so on. Thirdly, the design and implementation of the whole system is expounded, including the implementation of the Web layer based on AppStore platform, orchestrator and virtual security devices' management platform. This part of the paper mainly introduces the system from the aspect of application scenarios, requirements, architecture design and implementation;Finally, two application examples are shown based on the orchestration system, which verifies the feasibility of the system.The innovation of this paper is building a bridge among the cloud security services,changing the delivery mode of cloud security services, from providing with a single security service to providing with a security protecting solution. The change of delivery mode not only reduces the users' threshold of using the cloud security service, but also improves the efficiency of cloud security protection and reduces the cost of cloud computing vendors.In this paper, the orchestration engine and software-defined security technology are integrated deeply. By taking advantages of the SDS technology, orchestration system shields the differences between the various security devices from different vendors in the control plane and ensures the orchestrator focused on high-level logic processing. In addition,a virtual security devices' management platform is designed for the management and registration of virtual security devices,which can guarantee the implementation of the strategy. From a point view of software-defined security architecture, the Virtual Security Device Management Platform is also an implementation of the security pool.In addition, this paper ends with comparing with phantom which was RSA Security Sandbox champin in 2016 to discuss the advantages and disadvantages of this system.