共查询到20条相似文献,搜索用时 109 毫秒
1.
在大数据时代,为了提升集群服务器的利用效率,实现资源集约化和统一管理,向不同的用户提供安全可靠和易于操作的大数据多租户服务系统的需求随之出现。基于这种需求,本文提出一种大数据租户身份验证与数据鉴权的管理服务平台,其多租户体系由LDAP、Kerberos和自研的权限中心配合实现。其中,LDAP与Kerberos集成实现租户的管理与保障租户身份鉴定的安全性,权限中心与LDAP配合实现租户权限策略的存储与访问。此外,管理服务平台还能够根据Hadoop集群服务节点资源情况灵活部署,通过与租户建立映射实现平台账号间的信息隔离,对多租户系统中组件的运行状态提供监控,并为多租户系统提供可视化的操作页面。 相似文献
2.
虚拟机在网络安全实验教学中的应用 总被引:1,自引:0,他引:1
虚拟机技术在计算机中的应用越来越广泛。利用虚拟机技术可以高效、快速、低成本地搭建复杂的网络环境,特别是在网络安全方面,无论是在评估网络模型性能,病毒分析系统,还是网络环境模拟方面,虚拟机技术都发挥着关键性的支撑作用。文中介绍了如何利用VMware的网络安全工具虚拟机高效快捷地实现全套的网络安全实验。实践结果表明,通过NST完全可以在有限的单机资源上模拟复杂的网络环境,并实现网络攻防过程的演示教学。 相似文献
3.
4.
5.
软件即服务(Software-as-a-Service,SaaS)已经变成十分流行的软件模型,租户可以通过互联网访问SaaS化的服务,并且通过SaaS服务提供商租用所需服务.以某省数字化档案馆的建设为背景,结合了SaaS服务模型支持多租户,灵活可定制的特性,提出一种基于SaaS的数字化档案管理系统架构,该架构不仅支持多租户访问,而且支持服务组件的定制,有利于解决日益复杂的档案管理问题,也有利于避免各地市档案馆建设的重复投资.重点对支持多租户的存储模型的构建,以及档案业务逻辑在线定制模型进行了研究,提出了一种在线的动态代理模型—ActiveProxy模型,应用效果良好. 相似文献
6.
传统的计算机教学实训平台一般通过使用VMware Workstation创建一系列的虚拟机,在VMware Workstation强大的组网能力下搭建复杂的网络环境来实现虚拟机之间相互通信。传统的计算机教学实训平台面临着一系列的问题,如操作系统与应用软件升级换代越来越占用计算机资源、随着时间推移计算机性能逐渐下降、学生下课后无法使用教学实训资源等。随着云计算技术的飞速发展,使用OpenStack云计算技术可以构建计算机教学实训平台,把传统虚拟机的资源从部署在学生端转移到服务器端,学生只需1台性能一般的计算机通过远程软件连接到服务器上就可以完成实训,彻底解决了计算机实训室一直需要不断地对硬件与软件升级的问题。 相似文献
7.
8.
9.
10.
11.
Secure quality of service handling: SQoSH 总被引:1,自引:0,他引:1
Alexander D.S. Arbaugh W.A. Keromytis A.D. Muir S. Smith J.M. 《Communications Magazine, IEEE》2000,38(4):106-112
Proposals for programmable network infrastructures, such as active networks and open signaling, provide programmers with access to network resources and data structures. The motivation for providing these interfaces is accelerated introduction of new services, but exposure of the interfaces introduces many new security risks. We describe some of the security issues raised by active networks. We then describe our secure active network environment (SANE) architecture. SANE was designed as a security infrastructure for active networks, and was implemented in the SwitchWare architecture. SANE restricts the actions that loaded modules can perform by restricting the resources that can be named; this is further extended to remote invocation by means of cryptographic credentials. SANE can be extended to support restricted control of quality of service in a programmable network element. The Piglet lightweight device kernel provides a “virtual clock” type of scheduling discipline for network traffic, and exports several tuning knobs with which the clock can be adjusted. The ALIEN active loader provides safe access to these knobs to modules that operate on the network element. Thus, the proposed SQoSH architecture is able to provide safe, secure access to network resources, while allowing these resources to be managed by end users needing customized networking services. A desirable consequence of SQoSH's integration of access control and resource control is that a large class of denial-of-service attacks, unaddressed solely with access control and cryptographic protocols, can now be prevented 相似文献
12.
13.
介绍了InTouch组态软件的网络数据交换接口,并针对控制系统的网络化趋势,提出并设计实现了InTouch组态软件的CORBA网络数据交换接口,弥补了其原有接口的不足,使其更适合于设计分布式控制系统。 相似文献
14.
针对宏微协同组网下小区间无线资源管理问题,文章提出一种大规模多入多出系统下基于微小区分簇的联合传输和动态频谱分配策略,该策略分两步执行以优化网络加权和速率.首先,所提算法根据各用户当前的信道状态执行微小区分簇,以尽可能地降低小区间干扰,提升系统容量.接着,宏基站和各微小区簇根据所服务用户当前的业务请求信息分别为其动态分配子载波,以最大化网络加权和速率,并提升资源利用率.仿真结果显示,该文提出的微小区分簇和动态频谱分配策略能在尽可能降低宏微协同组网中用户间干扰的同时,有效地提升系统吞吐量. 相似文献
15.
Service management in multiparty active networks 总被引:2,自引:0,他引:2
《Communications Magazine, IEEE》2000,38(3):144-151
Active networking is an expanding field of research. It includes the ability to easily install and modify customized network services and to process packets within the network in a customized way. This article addresses the question of how the benefits of active networking can be exploited in an environment where a large number of customers must share a common network infrastructure. We introduce a management framework for active networks that allows customers to deploy and manage their own active services in a provider domain. The key concept in our framework is the virtual active network. From the customer perspective, the VAN represents an environment in which the customer can install, run, and manage active services without interaction with the VAN provider. From the VAN provider perspective, the VAN represents the object of resource partitioning and customer isolation. Active networking combined with the VAN concept allows for new business models in the telecom industry 相似文献
16.
针对时延容忍的移动社交网络中的资源发现问题,在三维环境下提出一种基于兴趣和行为预测的动态资源发现机制(IBRD)。IBRD首先从用户的文件资源和信息表中提取兴趣向量,然后通过节点间的余弦相似度计算构造初始的虚拟兴趣社区。之后,通过对移动社交数据的分析,建立半马尔可夫链模型以预测节点的行为和运动轨迹。依据模型的预测结果,实现虚拟兴趣社区的动态维护。最后,基于动态的虚拟兴趣社区构建高效的资源发现策略。IBRD机制在随机网络仿真器(ONE)上得以实现,实验结果表明,IBRD与同类模型相比,具有较高的资源发现成功率、较低的平均时延和通信开销。 相似文献
17.
As one part of our life, there are many different types of security threats in social network, and the virtual assets of social networking users has become the attack target. It is of great importance to use security patches in social network to offset the security threats. However, the dissemination of security patches will bring challenges to energy consumptions and network resources which are limited in social networks. In this paper, we will construct a novel optimal dissemination strategy based on differential game to get the desired equilibrium between security risks and resource consumption. The optimal dissemination rate is obtained from the Nash equilibrium solution. Simulation analysis will be given to illustrate that resource consumption and virtual assets loss can be reduced based on the proposed scheme. 相似文献
18.
Alexander S. Yuu-Heng Cheng Coan B. Ghetie A. Kaul V. Siegell B. Bellovin S. Maxemchuk N. Schulzrinne H. Schwab S. Stavrou A. Smith J.M. 《Communications Magazine, IEEE》2009,47(10):40-47
The ZODIAC project has been exploring a security first approach to networking based on a new idea, the dynamic community of interest, based on groups of users with a demonstrable need to know. ZODIAC uses the most challenging network setting (the mobile ad hoc network) as a target, since each node must incorporate functions of both hosts and routers. The realization of the DCoI is a work in progress, but initial implementation results have shown that DCoI concepts can be translated into working systems. The current system applies virtual machine containers, extensive use of cryptography and digital signatures, dispersity routing, DHT-based naming, and explicit rate control among other advanced techniques. Putting security to the forefront in the design has led to interesting consequences for naming, authorization, and connection setup. In particular, it has demanded a hierarchical structure for DCoIs that may initially appear somewhat alien to Internet users. Nonetheless, our implementation has illustrated that a highly available network that provides confidentiality and integrity can be constructed and made usable. 相似文献
19.
针对在线虚拟组网实验中无法识别任意网络协议(IP,Internet Protocol)地址配置的问题,在深入研究实际路由器、交换机、计算机终端的组网配置命令以及虚拟实验设计技术的基础上,应用动态控件技术及C#编程语言,主要利用C#中的正则表达式匹配,设计并实现了IP地址的一种有效识别检验方法。实践证明,该方法能确保学生在实验过程中及时发现IP是否配置出错,避免重复工作和事后检查,提高了实验效率。 相似文献
20.
基于精简指令集的软件保护虚拟机技术研究与实现 总被引:1,自引:0,他引:1
针对软件知识产权与版权保护需求,对多样性技术和基于虚拟机的软件保护技术进行分析和研究,设计了一种基于寄存器的精简指令集软件保护虚拟机SPVM,并实现了一个具有高强度和扩展性的防逆向工程和篡改、防止核心算法破解和防盗版的软件保护虚拟机系统VMDefender.通过采用多样性和虚拟机等技术,最终实现了防止软件盗版和对软件机密信息以及软件核心技术的保护. 相似文献