软件定义安全模型与架构浅析

目前大多数企业已经部署了基于策略访问控制的信息安全防御体系,但是随着云计算环境部署和网络攻击技术的发展,安全正成为云计算环境下亟待解决的重要问题,诸如能轻而易举地绕过传统防火墙、突破基于黑/白名单与特征匹配的安全防御机制等高级持续性攻击,给传统安全体系带来了新的挑战.分析了传统紧耦合安全防御体系在虚实结合网络环境下面临的问题,提出了软件定义安全的模型及其框架下的关键技术,实现了虚拟的和物理的网络安全设备与它们的接入模式、部署位置解耦合,为企业云计算环境下自适应的主动安全防护提供了有益的探索.

Analysis of software defined security model and architecture

Currently,most enterprises have deployed information security defense system based on policy access control.With cloud computing environment deployment and network attacking technology development,security has been regarded as one of the greatest problems in the cloud computing environment.The advanced persistent attacks including of bypassing the traditional firewall easily,breaking through the black and white list and feature matching of the security defense mechanism have included to the traditional security system new challenges.The problem in the traditional tightly coupled security defense system of combining the virtual with the true for construction of network environments was described,and a software defined security model and framework was provided.The decoupling scheme of access patterns and deployment position in combining the virtual with the true for construction of network environments was realized,which provided a beneficial exploration in the field of the adaptive active safety for enterprise cloud computing environment.