Security architecture system for realizing software definition security and security controller

A technology for security controllers and network controllers, applied in transmission systems, electrical components, etc., which can solve problems such as inapplicability of security products, blurring and virtualization of network boundaries, and complex anti-DDoS attack strategies

Active Publication Date: 2014-10-29
BEIJING UNIV OF POSTS & TELECOMM +1
View PDF1 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Although software-defined networking and Network Function Virtualization (NFV, Network Function Virtualization) have many advantages, they blur and virtualize network boundaries, making many traditional security products unsuitable
[0005] For example, in the current DDoS attack, the attacker generally attacks a single server, but in a virtualized environment, due to the fixed physical bandwidth, the attacker may attack multiple virtual machines (VMs) of a tenant, but each VM The traffic will not exceed the predetermined threshold, so when dealing with such attacks, the security application (Security Application) needs to consider the environmental requirements of multi-tenants in the virtualized cloud environment when making fine-grained security protection decisions, which also makes the security decision process compared with traditional The anti-DDoS attack strategy is more complex

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security architecture system for realizing software definition security and security controller
  • Security architecture system for realizing software definition security and security controller
  • Security architecture system for realizing software definition security and security controller

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The safety controller and the safety framework system provided with the safety controller provided by the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0028] Please refer to figure 1 , a security controller 1 a of the present invention, which includes a management module 10 a, an event scheduling module 11 , a stream polling module 13 and a stream monitoring module 14 . The management module 10a provides at least one security device 4 or at least one security application 3 for registration. The event scheduling module 11 generates a subscription trigger condition according to the at least one registered security application. The stream polling module 13 polls a network controller 2 to obtain data streams. The flow monitoring module 14 detects the acquired data flow according to the subscription trigger condition. The event scheduling module 11 generates an execution policy event according to the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a security architecture system for realizing software definition security and a security controller. The security controller comprises a management module, an event scheduling module, a polling module and a flow monitoring module, wherein the management module is used for providing at least one piece of security equipment or at least one security application for registration; the polling module is used for polling a network controller to acquire data flow; the flow monitoring module is used for detecting the data flow according to a triggering condition; the event scheduling module is used for generating an execution strategy event according to the detection result of the triggering condition.

Description

technical field [0001] The invention relates to a computer network architecture, in particular to a computer network security controller and a security architecture system with the security controller. Background technique [0002] Software-Defined Networking (SDN, Software-Defined Networking) reconstructs the network in the form of software, subverting the existing communication and management mode of the network, and has received more and more attention in the industry and academia in recent years. Separate data forwarding from routing control, and use a program to re-plan the network in a centrally controlled manner to effectively control network traffic. [0003] Software-defined security adopts the design idea of ​​SDN architecture, separates the secure control plane and data plane, realizes the reconstruction of security services through the programmability provided by the control plane, and maximizes the security opportunities brought by SDN. [0004] Although softwa...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 裘晓峰刘文懋赵粮陈鹏程文旭涛高腾何新新任秋峥
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap