一种安全高效的虚拟网络结构的设计与实现
发布时间:2018-10-17 19:53
【摘要】:基于互联网的云计算,以服务的方式为用户提供动态可伸缩的虚拟化资源,将其所提供的所有服务构建在动态的架构上,剥离了软件与应用环境之间的联系,使用户通过网络即可获得其所需的服务,而无须耗费时间在繁琐的计算资源管理上。资源的弹性需求是云计算的关键特征,因为不同的用户在不同的时间段所需要的资源是不同的,这就要求云计算系统支持自适应的服务资源管理机制,动态的分配虚拟资源给不同时间段的不同用户使用。传统的云计算模式下,用户所使用的虚拟计算资源都是处于云端的公共物理资源上,虽然这极大的节约了云计算平台的构建成本,但是这也使所有用户数据都处于公共的环境中,这就必然存在着数据安全方面的问题。虽然现今社会普遍采用数据加密的方式来保证数据的安全,但是这些加密方式也存在着一定的安全以及性能方面的问题。因此,针对上述存在的问题,本文设计并实现了一种安全高效的虚拟网络结构,在网络层面根据系统平台上虚拟资源的使用状况,将其划分为不同的安全域,在隔离不同安全域之间信息交互的同时,保证同一个安全域内的虚拟资源之间能够交流信息。不仅如此,本文提出的虚拟网络结构在保证安全性的同时,实现了一种基于共享内存的通信机制,使得虚拟资源能够根据其在物理平台上的实时分布状态选择不同的通信机制,大大提高了虚拟资源之间的通信性能。 本文的主要工作体现在以下几个方面: 1)设计并实现了一种安全的虚拟网络结构。在网络层面根据系统平台上虚拟资源的使用状况,将其划分为不同的安全域,安全域是彼此隔离的信息域,不同安全域之间不能够交换信息,保证安全域内的数据只能由属于该安全域的虚拟资源所共享,不会外泄到其它安全域。安全域的跨物理主机的实现。这不仅扩大了安全域的范围,使处于不同物理主机上的虚拟资源能够划分到一个安全域内,实现数据的共享,而且有着简便的实现方式,方便虚拟资源划分到不同的安全域内。同时通过虚拟资源的实时迁移功能,能够提高系统平台的可靠性。 2)根据虚拟资源在系统平台上的实时分布状况,设计并实现了一种新的通信机制,这种基于共享内存的通信机制能够提供比传统通信机制更高的通信效率,满足系统平台上对于高性能通信的需求。
[Abstract]:Internet based cloud computing provides users with dynamic and scalable virtualization resources in the form of services, builds all the services they provide on a dynamic architecture and strips the connection between software and application environment. Users can get the services they need through the network, without wasting time on the tedious computing resource management. The elastic demand of resources is the key feature of cloud computing, because different users need different resources in different time periods, which requires cloud computing systems to support adaptive service resource management mechanism. Dynamically allocate virtual resources to different users in different time periods. In the traditional cloud computing mode, the virtual computing resources used by users are all in the cloud public physical resources, although this greatly saves the construction cost of cloud computing platform. But this also makes all user data in a common environment, which is bound to have data security problems. Nowadays, data encryption is widely used to ensure the security of data, but these encryption methods also have some security and performance problems. Therefore, in view of the above problems, this paper designs and implements a secure and efficient virtual network structure, which is divided into different security domains according to the use of virtual resources on the system platform. While isolating the information exchange between different security domains, the virtual resources in the same security domain can exchange information at the same time. Moreover, the virtual network structure proposed in this paper not only guarantees the security, but also implements a communication mechanism based on shared memory, which enables virtual resources to choose different communication mechanisms according to their real-time distributed state on the physical platform. The communication performance between virtual resources is greatly improved. The main work of this paper is as follows: 1) A secure virtual network structure is designed and implemented. On the network level, virtual resources are divided into different security domains according to the use of virtual resources on the system platform. Security domains are information domains isolated from each other, and information can not be exchanged between different security domains. Ensure that the data in the security domain can only be shared by the virtual resources belonging to the security domain, and will not be leaked to other security domains. Security domain cross-physical host implementation. This not only expands the scope of the security domain, but also makes the virtual resources on different physical hosts can be divided into a security domain to share data, and has a simple way to realize the virtual resources to be divided into different security domains. At the same time, the reliability of the system platform can be improved by the real-time migration of virtual resources. 2) according to the real-time distribution of virtual resources on the system platform, a new communication mechanism is designed and implemented. The communication mechanism based on shared memory can provide higher communication efficiency than the traditional communication mechanism and meet the requirements of high performance communication on the system platform.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.01
本文编号:2277777
[Abstract]:Internet based cloud computing provides users with dynamic and scalable virtualization resources in the form of services, builds all the services they provide on a dynamic architecture and strips the connection between software and application environment. Users can get the services they need through the network, without wasting time on the tedious computing resource management. The elastic demand of resources is the key feature of cloud computing, because different users need different resources in different time periods, which requires cloud computing systems to support adaptive service resource management mechanism. Dynamically allocate virtual resources to different users in different time periods. In the traditional cloud computing mode, the virtual computing resources used by users are all in the cloud public physical resources, although this greatly saves the construction cost of cloud computing platform. But this also makes all user data in a common environment, which is bound to have data security problems. Nowadays, data encryption is widely used to ensure the security of data, but these encryption methods also have some security and performance problems. Therefore, in view of the above problems, this paper designs and implements a secure and efficient virtual network structure, which is divided into different security domains according to the use of virtual resources on the system platform. While isolating the information exchange between different security domains, the virtual resources in the same security domain can exchange information at the same time. Moreover, the virtual network structure proposed in this paper not only guarantees the security, but also implements a communication mechanism based on shared memory, which enables virtual resources to choose different communication mechanisms according to their real-time distributed state on the physical platform. The communication performance between virtual resources is greatly improved. The main work of this paper is as follows: 1) A secure virtual network structure is designed and implemented. On the network level, virtual resources are divided into different security domains according to the use of virtual resources on the system platform. Security domains are information domains isolated from each other, and information can not be exchanged between different security domains. Ensure that the data in the security domain can only be shared by the virtual resources belonging to the security domain, and will not be leaked to other security domains. Security domain cross-physical host implementation. This not only expands the scope of the security domain, but also makes the virtual resources on different physical hosts can be divided into a security domain to share data, and has a simple way to realize the virtual resources to be divided into different security domains. At the same time, the reliability of the system platform can be improved by the real-time migration of virtual resources. 2) according to the real-time distribution of virtual resources on the system platform, a new communication mechanism is designed and implemented. The communication mechanism based on shared memory can provide higher communication efficiency than the traditional communication mechanism and meet the requirements of high performance communication on the system platform.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.01
【参考文献】
相关期刊论文 前3条
1 郝昌泽;虚拟网技术在企业网中的应用[J];工程建设与设计;2004年11期
2 王冰;;浅谈云计算环境下用户数据的安全保护和隔离[J];硅谷;2011年15期
3 朱团结;艾丽蓉;;基于共享内存的Xen虚拟机间通信的研究[J];计算机技术与发展;2011年07期
,本文编号:2277777
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2277777.html
