Intrinsic Security and Self-Adaptive Cooperative Protection Enabling Cloud Native Network Slicing
IEEE Transactions on Network and Service Management (IF 5.3), Pub Date: 2021-04-08, DOI: 10.1109/tnsm.2021.3071774
Wu Qiang, Wu Chunming, Yan Xincheng, Cheng Qiumei

With the emergence of cloud native technology, network slicing enables automatic service orchestration, flexible network scheduling and scalable network resource allocation, which profoundly affects the traditional security solution. In the initial design, security is regarded as a technology independent of the cloud native architecture, and traditional passive defenses such as “reinforced” and “stacked” protection are relied on to achieve system security protection. The lack of intrinsic security mechanisms leaves the system with insufficient capability when it faces the uncertain threats brought by vulnerabilities and backdoors in an open and shared ecosystem. The static nature of existing networks and computing systems makes them easy to compromise and hard to defend, so it is urgent to provide intrinsic security and proactive protection against unpredictable attacks. To this end, this paper proposes a novel paradigm named intrinsic cloud security (iCS) from the perspective of dynamic defense. The dynamic defense provides component-level security, and is complementary to and consistent with the cloud native environment. In particular, iCS introduces mimic defense and moving target defense (MTD), and makes full use of the new features introduced by cloud native to implement an intrinsic and proactive defense mechanism with acceptable costs and efficiency. The iCS paradigm achieves seamless integration and symbiotic evolution between security and cloud native. We implement a trial of iCS based on a 5GC commercial system and evaluate its performance on costs, efficiency and attack success. The results show that the iCS enhanced mode always provides better and more stable defense effects.

Updated: 2021-06-11