Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (5): 1262-1266.DOI: 10.11772/j.issn.1001-9081.2015.05.1262

Previous Articles     Next Articles

Communication access control method based on software defined networking for virtual machines in IaaS platforms

HAN Zhenyang, CHEN Xingshu, HU Liang, CHEN Lin   

  1. College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China
  • Received:2014-11-24 Revised:2015-01-08 Online:2015-05-10 Published:2015-05-14

基于软件定义网络的IaaS虚拟机通信访问控制方法

韩贞阳, 陈兴蜀, 胡亮, 陈林   

  1. 四川大学 计算机学院, 成都 610065
  • 通讯作者: 陈兴蜀
  • 作者简介:韩贞阳(1988-),男,河南商丘人,硕士研究生,主要研究方向:云计算网络; 陈兴蜀(1968-),女,四川成都人,教授,博士生导师,博士,主要研究方向:信息安全、计算机网络、云计算; 胡亮(1990-),男,四川成都人,硕士研究生,主要研究方向:云计算安全; 陈林(1983-),男,四川宜宾人,博士研究生,主要研究方向:云计算安全.
  • 基金资助:

    国家科技支撑计划项目(2012BAH18B05).

Abstract:

Concerning the problem that the network access control of Virtual Machines (VM) in the cloud computing Infrastructure as a Service (IaaS) platforms, a method of communication access control for VM in IaaS platforms was proposed. The method based on Software Defined Networking (SDN) was realized to customize the communication access control rules from Layer 2 to Layer 4. The experimental results show that the method can manage communication access permissions of tenants' VM flexibly, and ensure the security of tenants' network.

Key words: Software Defined Networking (SDN), access control, cloud computing, Infrastructure as a Service (IaaS), firewall

摘要:

针对云计算基础设施即服务(IaaS)平台所面临的虚拟机网络通信访问控制问题,提出了一种可适于IaaS平台的虚拟机通信访问控制方法.该通信访问控制方法基于软件定义网络(SDN),实现针对虚拟机通信的L2~L4层访问控制.实验结果表明:该通信访问控制方法能够有效实现对租户虚拟机通信的灵活访问控制,保障IaaS平台中租户网络的安全.

关键词: 软件定义网络, 访问控制, 云计算, 基础设施即服务, 防火墙

CLC Number: