Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Distributed network security control method of public cloud service

A distributed network and security control technology, applied to electrical components, transmission systems, etc., to achieve fast start-up time, minimized occupation, and guaranteed query performance

Inactive Publication Date: 2011-05-04
BEIJING JIAOTONG UNIV
View PDF2 Cites 30 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] The purpose of the present invention is to address the above-mentioned problems existing in the existing methods, and propose a distributed security policy management method for the public cloud service environment, which can ensure the effectiveness of the security policy in the public cloud environment without obviously occupying the network bandwidth. In addition, this method can also effectively improve the adaptability of the cloud security gateway to the number of cloud security policies, reduce the requirements of the cloud security gateway for local storage capabilities, and at the same time ensure the high performance of security policy queries

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Distributed network security control method of public cloud service
  • Distributed network security control method of public cloud service
  • Distributed network security control method of public cloud service

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] Such as figure 1 As shown, the cloud security system consists of security management components such as cloud security gateway and security block entity. When a user logs in through the cloud security gateway and accesses cloud service resources, the cloud security gateway requests authentication information from the user; after obtaining the user authentication information, the cloud security gateway will send an authentication request to the security authentication module, and the security authentication module will return the authentication result to the Cloud security gateway; if the authentication result allows the user to log in, the cloud security gateway queries the local customer status online table, and checks whether the customer to which the logged-in user belongs has a corresponding item in the table: if yes, set the customer offline time of the corresponding item to 0, if No, the cloud security gateway sends a customer security policy application to the se...

Embodiment 2

[0041] For the first time, the customer has users accessing cloud service resources through a cloud security gateway:

[0042]If a customer logs in and accesses cloud service resources through a cloud security gateway for the first time, the cloud security gateway authenticates the user through a security authentication entity. If the authentication result allows the user to log in, the cloud security gateway queries the local customer status online table, checks that there is no corresponding item in the table for the customer to which the logged-in user belongs, and the cloud security gateway sends a customer security policy application to the security policy management module; the security policy management module receives After the security zone policy application from the cloud security gateway, if there is a corresponding "customer ID, cloud security gateway ID, T2" item in the use table, all security policies related to the customer will be returned to the cloud security...

Embodiment 3

[0044] The customer once again has users accessing cloud service resources through a cloud security gateway within T1 time:

[0045] If a user logs in and accesses cloud service resources through a cloud security gateway, and a user belonging to the customer logs in and accesses cloud service resources through the same cloud security gateway again, after the cloud security gateway authenticates the user through the security authentication module, The cloud security gateway checks that there is an entry related to the customer to which the user belongs in the online state table of the local customer, and the cloud security gateway controls the user's cloud service resource access according to the security policy table of the customer to which the user belongs.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a distributed network security control method of a public cloud service, belonging to the technical field of information. The method comprises the following steps of: receiving the authentication information of a user by a cloud security gateway, and after the user passes the authentication, inquiring a local client state on-line table by the cloud security gateway to generate a security policy; if the security policy of the user does not exist in the local client state on-line table, sending a client security apply to a security control center by the cloud security gateway; generating the security policy of the user by the security control center and then sending the security policy of the user to the cloud security gateway; and controlling the access of the user by the cloud security gateway according to the security policy of the user. The invention has the advantages that because the quantity of security policies required to be maintained by the cloud security gateway is small, the security performance is higher; because the system only needs to synchronize update results of the security policies onto the cloud security gateway requiring the security policy update results, the security policy management efficiency is higher; and the occupation of system resources by security policy management is reduced.

Description

technical field [0001] The invention relates to a network security control method for distributed security gateways in a public cloud service environment, and is especially suitable for the distribution, use and deletion of security policies in a large-scale cloud service environment with a large number of customers and a large number of security policies. The management method belongs to the field of information technology. Background technique [0002] Public cloud services realize the reuse of computing resources through virtualization technology, thereby providing information resource services for multiple customers. Public cloud services include information technology infrastructure services, platform services, and software services. [0003] Because cloud services provide services to multiple customers through resource reuse, the security of cloud services must be the primary concern of cloud service customers. A cloud service provider (CSP) should provide each custo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08
Inventor 李晓勇韩臻何永忠袁中兰
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com