| 摘要: | 在跨雲端運算環境下,使用者可能將資訊存在不同的雲端上,使用者及雲端供應商可以對不同雲端上的資訊進行存取使用,然而隨之而來的則是必須面對資訊洩露和資訊安全政策等更多的挑戰,因為在跨雲端網路環境,封包傳出必須經過網際網路,若缺少妥善的安全機制,很可能遭到攻擊者竊聽封包進行惡意攻擊。另外也須確保使用者所接收資訊符合資訊安全政策。
跨雲端運算環境需要高速運算需求,而近年來隨著網際網路的快速發展,現有網路設備及協定在跨雲端環境下更顯不敷使用,因此美國史丹佛大學開發的OpenFlow軟體定義網路(Software Defined Network, SDN)架構也成為研究重點。為滿足雲端間高速通信的需求及達成上述雲端安全管理需求的機制,本研究利用OpenFlow 架構出跨雲端運算的環境,探討並解決跨雲端運算的安全需求。
目前雲端安全的相關研究大多偏重在雲端內部,OpenFlow於跨雲端安全管理之相關研究也尚未多見,所以本研究希望以OpenFlow來實現跨雲端安全管理機制,以OpenFlow建構出跨雲端運算的環境;結合Secure in-packet Bloom Filter封包轉發機制,將轉送路徑資訊儲存於跨雲端銜接的路徑節點及封包中,在進行跨雲端傳送時,得以隱藏雲端內部資訊,避免資訊外洩,同時也可利用 OpenFlow 的彈性架構達到使用者自訂的安全控制,符合跨雲端運算的安全需求。
In inter-cloud computing environment, the user may be saved data on the different cloud, users and cloud providers can access different information on the different cloud. However, this will increase information divulged and information security policy challenge, because in inter-cloud environment, packet forward must pass internet, if the lack of proper security mechanisms, probably attacker can eavesdropping packet lead to malicious attack. Also, it’s required to ensure that the user receives information matches information security policy.
Inter-cloud computing needs high-speed computing requires, and recent year with the rapid development of internet, the existing network equipment and protocols is not enough for use in inter-cloud environment. So the Stanford University developed the OpenFlow Software-Defined Networks architecture has become research priorities, our study used OpenFlow to build inter-cloud computing environment, explore and resolve requires of inter-cloud computing security .
Currently, cloud security research mostly biased towards the internal of cloud, and OpenFlow has not yet common in inter-cloud security management. So our research hopes to use OpenFlow to achieve inter-cloud security management mechanism, use OpenFlow to construct inter-cloud high speed computing environments
combined with Secure in-packet Bloom Filter forwarding mechanism, to avoid information leakage, also can use flexible architecture of OpenFlow to achieve user-defined security controls to meet the security requires of inter-cloud computing. |
