植基於虛擬化技術之網路安全縱深防禦架構

本篇論文所提出的一個植基於虛擬化技術之網路安全縱深防禦架構解決方案，可以有效的降低企業在部署縱深防禦架構上之成本並且提高電腦資源之使用率。另外本篇論文也將針對傳統縱深防禦架構、整合威脅管理系統及本研究所提之虛擬化縱深防禦架構做一綜合性的深入研究，並比較其優缺點，另外也針對上述架構進行網路效能測試之分析探討。冀望本篇論文能對虛擬化網路安全相關研究以及企業內部的縱深防禦建置提供貢獻。

關鍵字

縱深防禦；虛擬化；效能測試；網路安全

並列摘要

In this paper, we propose a solution “Network Security Defense-in-Depth Architecture based on Virtualization Technology” that can effectively reduce cost of the deployment of defense in depth and increase the usage of computer resources. Further, this paper will also compare their advantages and disadvantages for the traditional defense in depth architecture, Unified threat management and our solution. While also analysis their network performance. We hope this paper can provide a contribution in virtualization network security research and the defense in depth research.

並列關鍵字

Defense-in-Depth ； Virtualization ； Performance Benchmark ； Network Security

參考文獻

[1] D. Kewley, J. Lowry, “Observations on the effects of defense in depth on adversary behavior in cyber warfare”, Proceedings of the IEEE SMC Information Assurance Workshop, West Point, New York, June 2001.

[2] Neiger, G., A. Santoni, F. Leung, D. Rodgers, and R. Uhlig, Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel Technology Journal, 10 August 2006. 10(03): p. 167-178.

[4] Y. Koh, C. Pu, Y. Shinjo, H. Eiraku, G. Saito, D. Nobori, “Improving Virtualized Windows Network Performance by Delegating Network Processing”, In Proceedings of the IEEE Conference on Network Computing and Applications (NCA), 2009.

[9] Bhattacharya, S.P., Apte, V, “A Measurement Study of the Linux TCP/IP Stack Performance and Scalability on SMP systems”, In Proceedings of the 1st International Conference on COMmunication Systems softWAre and middlewaRE (COMSWARE), New Delhi (2006).

[11] R. P. Lippmann et al, “Validating and restoring defense in depth using attack graphs”, In Proceedings of MILCOM 2006, Washington, DC.

國際替代計量

植基於虛擬化技術之網路安全縱深防禦架構

全文下載

主題瀏覽