    Please use this identifier to cite or link to this item: http://ccur.lib.ccu.edu.tw/handle/A095B0000Q/778

    Title: Design and Implementation of Collaborative Defense System Based on Virtual Security Devices in Infrastructure as a Service
    Authors: CHEN, JUN-ZHI (陳俊智)
    Contributors: Graduate Institute of Communications Engineering
    Keywords: Infrastructure as a Service (IaaS); OpenStack; Cloud Security; Collaborative defense
    Date: 2017
    Issue Date: 2019-07-17 10:47:48 (UTC+8)
    Publisher: Graduate Institute of Communications Engineering
    Abstract: With the rapid development of network technology and big data, cloud computing has become widely used in daily life, for example Google Drive, Amazon Web Service, and VMforce. Depending on the service provided, cloud offerings can be divided into Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Many SaaS and PaaS providers rent large numbers of virtual machines (VMs) from IaaS to build their services, so securing the VMs in IaaS is a major challenge. This paper proposes using Software-Defined Networking (SDN) and virtual security devices to build a secure cloud environment. Through message exchange among the virtual security devices and an external physical firewall, the corresponding security policies can be configured in advance, and the external physical firewall then blocks malicious traffic outside the cloud hosts, preserving the resource availability of the cloud service hosts. In this architecture, IaaS tenants can add their own packet matching rules according to their security requirements, which makes the use of the cloud infrastructure more flexible. This paper uses the collaborative defense mechanism among virtual security devices and the external physical firewall to protect VMs in the Cloud Data Center from attack and to block malicious traffic outside the cloud hosts. Because the cloud service is provided to different tenants, a single security policy cannot be applied uniformly; tenant-defined packet matching rules are therefore used to meet each tenant's security requirements. This paper focuses on the design of the cloud architecture, packet steering (flow control), and the collaborative defense mechanism between virtual security devices and the physical firewall, so that VMs in IaaS obtain a higher security level.
    Appears in Collections: [Graduate Institute of Communications Engineering] Theses and Dissertations
