NetSecCC: A scalable and fault-tolerant architecture for cloud computing security | Peer-to-Peer Networking and Applications Skip to main content
Springer Nature Link
Log in

NetSecCC: A scalable and fault-tolerant architecture for cloud computing security

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

How to ensure network security for modern virtual machine based cloud computing platforms is still an open question. This question becomes more important and urgent to solve, as the fast development of cloud computing in recent years. Though there are many existing solutions, they either provide incomplete protection or neglect important intrinsic characteristics in cloud computing. In this paper, we introduce a novel network security architecture for cloud computing (NetSecCC) considering characteristics of cloud computing. Specifically, it 1) provides protection to both external and interne traffics in cloud computing, 2) attains flexible scalability with respect to virtual middlebox load, and 3) achieves fault-tolerant among virtual middlebox failure. Experiments and simulations on our proof-of-concept prototype of NetSecCC validate that NetSecCC is an effective architecture with minimal performance overhead, and that it can be applied to extensive practical promotion in cloud computing.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Cully B, Lefebvre G, Meyer D, Feeley M, Hutchinson N, Remus A W (2008) High availability via asynchronous virtual machine replication. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, pp 161–174. San Francisco

  2. Dong M, Ota K, He L, Suguo D, Zhu H, Guo S (2013) Rendezvous: towards fast event detecting in wireless sensor and actor networks. Computing:1–16

  3. Dong M, Ota K, Lin M, Tang Z, Suguo D, Zhu H (2014) Uav-assisted data gathering in wireless sensor networks. J Supercomput:1–14

  4. Duncan AJ, Creese S, Goldsmith M (2012) Insider attacks in cloud computing. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, pp 857–862. IEEE

  5. BIG-IP Configuring High Availability F5 Networks Inc. http://support.f5.com/kb/enus/products/big-ip_ltm/manuals/product/tmos_management_guide_10_0_0/tmos_high_avail.html

  6. Fernandes DAB, Soares LFB, Gomes JV, Freire MM, Inácio PRM (2013) Security issues in cloud environments: a survey. Int J Inf Secur:1–58

  7. IPFire. http://www.ipfire.org/

  8. Joseph D, Stoica I (2008) Modeling middleboxes. Network, IEEE 22 (5):20–25

    Article  Google Scholar 

  9. Li H, Lin X, Yang H, X Liang, Lu R, Shen X (2013) Eppdr: An efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid. IEEE Trans Parallel Distrib Syst:1

  10. Li H, Rongxing L, Zhou L, Bo Y, Shen X (2013) An efficient merkle-tree-based authentication scheme for smart grid. Syst J IEEE:655–663

  11. McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J (2008) Openflow: enabling innovation in campus networks. ACM SIGCOMM Comput Commun Rev 38 (2):69–74

    Article  Google Scholar 

  12. Mell P, Grance T (2011) The nist definition of cloud computing (draft). NIST Spec Publ 800 (145):7

    Google Scholar 

  13. ModSecurity. http://www.modsecurity.org/

  14. Mohammed A, Sama S, Mohammed M (2012) Enhancing Network Security in Linux Environment, PhD thesis, Halmstad University

  15. NVD. http://nvd.nist.gov/

  16. AWS [Online]. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

  17. HackBar [Online]. https://addons.mozilla.org/en-us/firefox/addon/hackbar/

  18. IXIA [Online]. http://www.ixiacom.com/

  19. Nikto [Online]. http://www.netsecurity.com

  20. OpenSSL [Online]. http://www.openssl.org/

  21. SecaaS [Online]. https://cloudsecurityalliance.org/research/secaas/

  22. SQL Inject [Online]. https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/

  23. Tamper Data [Online]. https://addons.mozilla.org/en-us/firefox/addon/tamper-data/

  24. VMware [Online]. http://www.vmware.com/

  25. Zap [Online]. https://code.google.com/p/zaproxy/

  26. Apache HTTP Server Project[Online]. http://httpd.apache.org/

  27. McAfee SaaS Email Protection and Web Protection. http://www.mcafee.com/us/products/security-as-a-service/index.aspx

  28. Qazi ZA, Cheng-Chun T, Chiang L, Miao R, Sekar V, Minlan Y (2013) Simple-fying middlebox policy enforcement using sdn. In Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, pp 27–38, ACM

  29. Rajagopalan S, Williams D, Jamjoom H (2013) Pico replication: a high availability framework for middleboxes. In Proceedings of the 4th annual Symposium on Cloud Computing, pp 1, ACM

  30. Rajagopalan S, Williams D, Jamjoom H, Andrew W (2013) Split/merge: System support for elastic execution in virtual middleboxes. In Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation, pp 227–240, USENIX Association

  31. Khaled S, Jose MAC, Sherali Z, Sameera A-M, Mohammed A (2013) Using cloud computing to implement a security overlay network. IEEE Secur Priv 11 (1):44–53

    Google Scholar 

  32. Sekar V, Egi N, Ratnasamy S, Reiter MK, Shi G (2012) Design and implementation of a consolidated middlebox architecture. In Proceedings NSDI

  33. Sekar V, Ratnasamy S, Reiter MK, Egi N, Shi G (2011) The middlebox manifesto: enabling innovation in middlebox deployment. In Proceedings of the 10th ACM Workshop on Hot Topics in Networks, pp 21, ACM

  34. Sherry J, Hasan S, Scott C, Krishnamurthy A, Ratnasamy S, Sekar V (2012) Making middleboxes someone else’s problem: Network processing as a cloud service. ACM SIGCOMM Comput Commun Rev 42 (4):13–24

    Article  Google Scholar 

  35. SpamAssassin. http://spamassassin.apache.org/

  36. Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34 (1):1–11

    Article  Google Scholar 

  37. Topilski N, Albrecht JR, Vahdat A (2008) Improving scalability and fault tolerance in an application management infrastructure. In LASCO

  38. High Availability Reference Guide Vyatta Inc. http://www.vyatta.com/downloads/documentation/VC6.5/Vyatta-HA_6.5R1_v01.pdf

  39. Wang Z, Chiachih W, Grace M, Jiang X (2012) Isolating commodity hosted hypervisors with hyperlock. In Proceedings of the 7th ACM european conference on Computer Systems, EuroSys ’12, pp 127–140. ACM, NY, USA

    Google Scholar 

  40. Hanqian W, Yi D, Winer C, Li Y (2010) Network security for virtual machine in cloud computing. In Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, pp 18–21. IEEE

  41. Yue Wu, Noonan JP, Agaian S (2010) Binary data encryption using the sudoku block cipher. In Systems Man and Cybernetics (SMC), 2010 IEEE International Conference on, pp 3915–3921. IEEE

  42. Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Futur Gener Comput Syst 28 (3):583–592

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Electronic Science and Technology of China (UESTC), Chengdu, 611731, People’s Republic of China

    Jin He, Minyu Fan & Guangwei Wang

  2. Department of Information and Electronic Engineering, Muroran Institute of Technology, Muroran, Japan

    Mianxiong Dong

  3. Department of Information and Electronic Engineering, Muroran Institute of Technology, Muroran, Japan

    Kaoru Ota

Authors
  1. Jin He
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mianxiong Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kaoru Ota
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Minyu Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guangwei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mianxiong Dong.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

He, J., Dong, M., Ota, K. et al. NetSecCC: A scalable and fault-tolerant architecture for cloud computing security. Peer-to-Peer Netw. Appl. 9, 67–81 (2016). https://doi.org/10.1007/s12083-014-0314-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0314-y

Keywords

Search

Navigation