%0 Journal Article
%T On-demand security function provision for tenants in the cloud datacenter
%A 殷明勇
%A 李光磊
%A 周华春
%J 北京交通大学学报
%D 2018
%R 10.11860/j.issn.1673-0291.2018.05.007
%X Abstract: Tenants in cloud datacenters cannot obtain highly customized security services or control and manage their own security functions, because cloud providers usually offer only coarse-grained security function services. In this paper, we design and deploy an on-demand security function provision system for tenants in the cloud datacenter via virtual nesting, using Kernel-based Virtual Machines (KVM) and container-based virtual network functions. Based on Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies, the proposed system enables flexible and dynamic control and management of network security services for tenants. We implement the system in a private cloud platform, and the conducted experiments verify its availability and flexibility.
%K software defined networking
%K network function virtualization
%K container
%K security function chaining
%K cloud datacenter
%U http://jdxb.bjtu.edu.cn/CN/abstract/abstract3379.shtml