In the paradigm of Infrastructure-as-a-Service (IaaS) cloud, the virtual IT infrastructure that enterprises or institutions request from an IaaS cloud provider constitutes Tenant Networks (TNs for short). To isolate TNs from each other, it is natural to use Software-Defined Networking (SDN), or more specifically virtual SDN (vSDN) technology, to virtualize a cloud into TNs. However, current vSDN uses an SDN hypervisor to realize TNs, where the cloud administrator is given far more privileges than necessary; this not only violates the security principle of least privilege but also poses a serious threat from a malicious or innocent-but-compromised administrator. Therefore, how to securely manage TNs in the cloud is a topic worthy of study. An SDN-based controller for securing cloud TNs, named TNGuard, is secure, efficient and extensible. To manage TNs securely, TNGuard defines a specification of TN management, called the TN abstraction, which specifies the TN's functional requirements and security requirements while obeying the principles of least privilege and separation of duty. To protect TNs from the cloud administrator, TNGuard designs a network privilege model and an integrity management mechanism, which respectively remove the cloud administrator's unnecessary privileges and protect the controller's integrity. To improve system response efficiency, TNGuard moves TN_admins' Apps from their local computers into the cloud, which reduces the communication overhead between Apps and the controller. TNGuard meets all the requirements in the TN abstraction and can be easily extended to other platforms. Experimental results show that TNGuard can effectively defend against the cloud administrator's attacks on TNs. As for performance, the boot time of TNGuard is 2.635 seconds, only 2.9% more than a traditional SDN controller. TNGuard's average response efficiency is high, and its cross-zone communication rate is about 200M/s, which would be sufficient for most, if not all, applications. In summary, TNGuard enhances TN security and incurs a small performance overhead.
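The separation the abstract describes, a cloud administrator who manages infrastructure and TN lifecycle but cannot touch tenant flow tables, plus a controller-state integrity check, can be modelled as a small policy. The following is an added illustration, not TNGuard's code; the role names, operation sets, digest scheme and sample tenants are assumptions.

```python
"""Toy model of a TNGuard-style network privilege model (added example, not the paper's code)."""
import hashlib
from dataclasses import dataclass, field

# Assumed privilege model: the cloud admin gets only infrastructure/lifecycle operations,
# a TN_admin gets only flow-table operations inside the TN it owns.
INFRA_OPS = {"create_tn", "delete_tn", "list_switches"}
TN_OPS = {"add_flow", "del_flow", "read_flows"}


@dataclass
class Controller:
    tenants: dict = field(default_factory=dict)  # tn_id -> {"admin": str, "flows": list}
    audit: list = field(default_factory=list)    # every decision is logged for detection

    def authorize(self, principal, role, op, tn_id=None) -> bool:
        if role == "cloud_admin":
            return op in INFRA_OPS  # never reaches tenant flow tables
        if role == "tn_admin":
            return (op in TN_OPS and tn_id in self.tenants
                    and self.tenants[tn_id]["admin"] == principal)
        return False

    def request(self, principal, role, op, tn_id=None, arg=None) -> bool:
        ok = self.authorize(principal, role, op, tn_id)
        self.audit.append((principal, role, op, tn_id, "allow" if ok else "deny"))
        if not ok:
            return False
        if op == "create_tn":
            self.tenants[tn_id] = {"admin": arg, "flows": []}
        elif op == "delete_tn":
            self.tenants.pop(tn_id, None)
        elif op == "add_flow":
            self.tenants[tn_id]["flows"].append(arg)
        elif op == "del_flow":
            self.tenants[tn_id]["flows"].remove(arg)
        return True

    def config_digest(self) -> str:
        """Integrity check: digest over tenant ownership and flow tables (assumed scheme)."""
        canon = repr(sorted((tn, d["admin"], tuple(d["flows"])) for tn, d in self.tenants.items()))
        return hashlib.sha256(canon.encode()).hexdigest()


def demo():
    c = Controller()
    c.request("ops", "cloud_admin", "create_tn", "tn1", arg="alice")  # constructed tenants
    c.request("ops", "cloud_admin", "create_tn", "tn2", arg="bob")
    r_owner = c.request("alice", "tn_admin", "add_flow", "tn1", arg="10.0.1.0/24 -> port 2")
    r_cloud = c.request("ops", "cloud_admin", "add_flow", "tn1", arg="mirror to port 9")  # denied
    r_other = c.request("bob", "tn_admin", "read_flows", "tn1")  # denied: not tn1's admin
    expected = c.config_digest()
    c.tenants["tn1"]["flows"].append("rogue rule")  # out-of-band change bypassing the API
    tampered = c.config_digest() != expected        # integrity check catches it
    return r_owner, r_cloud, r_other, tampered, len(c.audit)
```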