| 摘要: | 隨著網路技術的快速發展,帶動了網路架構的變動。近年來最受到重視的是軟體定義網路(Software Defined Network, SDN),許多雲端運算的架構都是使用軟體定義網路來建置。雲端運算的服務類型可分為三種:基礎設施即服務(Infrastructure as a service, IaaS)、平台即服務(Platform as a service, PaaS)、軟體即服務(Software as a service, SaaS)。目前有許多的雲端供應商皆有提供虛擬機器之服務,而採用的虛擬化平台大多都是Xen來建置。政府機關、學校、公司已經將其網站及資料庫放置於雲端運算的虛擬機器之上,因而造就虛擬機器的大量使用。然而,伴隨而來的是在雲端運算平台上虛擬機器安全問題等等更多的考驗。
在跨雲端運算環境中,使用者將可能遭受來自四面八方的攻擊,有可能是外部的攻擊,或是內部的攻擊,因此需要入侵偵測與防禦系統來抵擋這些攻擊。而外部的交換器或是內部的虛擬交換器將會接收到這些惡意攻擊之封包,因此本研究利用入侵偵測與防禦軟體需監控於這兩個地方,透過美國史丹福大學所開發的NetFPGA可程式化網卡,與Open vSwitch來架構出OpenFlow軟體定義網路,並研究雲端運算可能會面臨到那些問題。
本論文將利用OpenFlow Switch與Open vSwitch軟體定義網路來建構出跨雲端運算的環境,並使用Xen來提供虛擬機器之服務,而在Xen的主要控制系統上安裝入侵偵測與防禦系統Snort搭配軟體定義網路之形式來保護Xen實體機器上虛擬機器之安全,透過外部機器或是內部虛擬機器攻擊正常的虛擬機器,能夠達到有效的防禦攻擊行為。
;With the rapid development of Internet technology, there is bringing about change of network architecture. Software Defined Network (SDN) has been greatly valued over the last few years. Many architectures of cloud computing network are built by Software Defined Network. The service model of cloud computing can be divided into three types: Infrastructure as a service, Platform as a service, and Software as a service. Currently, many cloud providers provide virtual machine service. And their virtualization platform are built by Xen. The inter connection of VM in cloud use the network that are defined and operated by software. The Government, schools, and companies put their websites and databases on the virtual machines in cloud computing. Thus it caused a lot of usage for virtual machine. However, the accompanying issues are virtual machine security and other challenge in cloud computing.
In inter-cloud computing environment, the user may be suffered attacks in all directions. The attacks may come from external or internal. Thus, we need intrusion detection and prevention system to block attacks. External Switch or internal virtual switch can receive these malicious packets. Therefore, our study used intrusion detection and prevention system should monitor the two places. By the Stanford University developed the NetFPGA platform which is based on a programmable NIC, and Open vSwitch to build OpenFlow Software Defined Network.
We use OpenFlow Switch and Open vSwitch Software Defined Network to build inter-cloud computing environment. And also use Xen to provide virtual machine service. We will install intrusion prevention and detection system, Snort, on domain-0 and Software Defined Network to protect the virtual machines on the Xen platform. External machines or internal virtual machines will attack normal virtual machines, our result show that External machines and internal virtual machines can’t attack normal virtual machines. |
