Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Open flow table security enhancement method and device

An open-flow and secure technology, applied in transmission systems, electrical components, etc., can solve problems such as large differences in security execution units, difficulty in achieving centralized control and management, and incompetence in scenarios, so as to resist zero-day attacks and mitigate distributed denial. Effects of service attacks

Active Publication Date: 2013-05-08
ZTE CORP
View PDF6 Cites 52 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This architecture has the following limitations: (1) It is difficult for enterprises to deploy new security applications on the security execution unit, and usually needs to purchase the entire device to complete the upgrade of new features; (2) The security execution units provided by different manufacturers are quite different, Inconsistent security policies make it difficult to achieve interoperability and centralized control and management; (3) Traditional security execution units are usually deployed at the edge of the enterprise, which is difficult for virtualized multi-tenant scenarios

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Open flow table security enhancement method and device
  • Open flow table security enhancement method and device
  • Open flow table security enhancement method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0059] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail by citing the following embodiments and referring to the accompanying drawings.

[0060] figure 2 A schematic diagram of the composition and structure of the open flow table security enhancement device in the embodiment of the present invention, as shown in figure 2 As shown, the open flow table security enhancement device in the embodiment of the present invention includes a security application unit 150, a security control unit 152 and a security execution unit 154, wherein:

[0061] A security application unit 150, configured to provide security applications for various security services, and security policies, security protocols, and feature libraries corresponding to the various security services;

[0062] The security control unit 152 is configured to analyze the security policy of the security service, gener...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an open flow table security enhancement method which can enable a security control function to be separated from a security executive function. The method includes the steps of obtaining security application corresponding to each security service, extracting security strategies, security protocols and feature libraries corresponding to the various security services from the security application, analyzing the security strategies of the security services to generate a security flow table, and creating a matching rule in the security flow table, and carrying out access control to messages and inspection for a state firewall, a security virtual private network (VPN) and deep messages according to the matching rule in the security flow table. The invention simultaneously discloses an open flow table security enhancement device. The open flow table security enhancement method and the open flow table security enhancement device can enable the security execution and the security application to be independently evolved and upgraded, and bring convenience to development of new security services, and can intensively carry out security management, resist zero-day attack, and relieve distributed denial of service attack according to the security strategies, and also support a virtualization multi-tenant security mode.

Description

technical field [0001] The invention relates to safety detection technology, in particular to an open flow table safety enhancement method and device. Background technique [0002] like figure 1 As shown, traditional security devices, such as firewalls, intrusion detection and prevention, secure virtual private networks, and unified threat management, are all integrated architectures, in which the interface board 100, security service board 102, main control board 106, and switching board 104 are Tightly coupled, usually located in a physical box; wherein, the interface board 100 provides the interface of the security device and submits the data flow to the security service board 102, and the interface board 100 is usually composed of a network processor (NP, Network Processor) or application-specific Integrated chip (ASIC, Application Specific Integrated Circuit) implementation. The security service board 102 completes functions such as access policy control, network addr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
Inventor 韦银星
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products