Advertisement

PNSICC: A Novel Parallel Network Security Inspection Mechanism Based on Cloud Computing

  • Jin HeEmail author
  • Mianxiong Dong
  • Kaoru Ota
  • Minyu Fan
  • Guangwei Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9531)

Abstract

As we all know, application firewall provides in-depth inspection to ensure application-layer security services, but brings a serious decline for network performance of application service, even more serious impact on service usability, worse, in the face of increasingly complex and diverse network application services that require an integrated network security protection, different types of application firewall collaborate together to ensure security use of integrated services, but multiple application firewalls lead to more serious performance problems than a single one. Recent efforts have provided a large number of optimization measures and algorithms, what is more, have offered a lot of new security architecture for application firewalls, unfortunately, most of them did not achieve the desired results. We have proposed a novel architecture that combines the characteristics of cloud computing, namely, parallel network security inspection Mechanism based on cloud computing (PNSICC) that is able to addresses performance problems for multiple intertwined application firewalls that protect network security of integrated service. PNSICC not only provides effective network security protections for the protected objects, but also has greatly improved security inspection efficiency. We have proved by experiments that our scheme is an effective and efficient method.

Keywords

Security meta-group SW UTM PNSICC Delay Throughput Loss rate 

Notes

Acknowledgments

This work is partially supported by JSPS KAKENHI Grant Number 26730056, 15K15976, JSPS A3 Foresight Program.

References

  1. 1.
    Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of it security and compliance challenges in security-as-a-service for cloud computing. In: 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124–129. IEEE (2012)Google Scholar
  2. 2.
    Ali, S., Lawati, M.H.A., Naqvi, S.J.: Unified threat management system approach for securing SME’s network infrastructure. In: 2012 IEEE Ninth International Conference on e-Business Engineering (ICEBE), pp. 170–176. IEEE (2012)Google Scholar
  3. 3.
    Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRefGoogle Scholar
  4. 4.
    Aziz, A., Zafran, M., Ibrahim, M.Y., Omar, A.M., Ab Rahman, R., Zan, M., Mahfudz, M., Yusof, M.I.: Performance analysis of application layer firewall. In: 2012 IEEE Symposium on Wireless Technology and Applications (ISWTA), pp. 182–186. IEEE (2012)Google Scholar
  5. 5.
    Chao, Y., Bingyao, C., Jiaying, D., Wei, G.: The research and implementation of UTM. In: IET International Communication Conference on Wireless Mobile and Computing (CCWMC 2009), pp. 389–392. IET (2009)Google Scholar
  6. 6.
  7. 7.
    Dong, M., Li, H., Ota, K., Yang, L.T., Zhu, H.: Multicloud-based evacuation services for emergency management. IEEE Cloud Comput. 1(4), 50–59 (2014). http://dx.doi.org/10.1109/MCC.2014.85 CrossRefGoogle Scholar
  8. 8.
    Dong, M., Li, H., Ota, K., Zhu, H.: HVSTO: efficient privacy preserving hybrid storage in cloud data center. In: 2014 Proceedings IEEE INFOCOM Workshops, Toronto, ON, Canada, 27 April - 2 May 2014, pp. 529–534 (2014). http://dx.doi.org/10.1109/INFCOMW.2014.6849287
  9. 9.
    He, J., Dong, M., Ota, K., Fan, M., Wang, G.: NetSecCC: A scalable and fault-tolerant architecture for cloud computing security. Peer-to-Peer Netw. Appl., pp. 1–15 (2014)Google Scholar
  10. 10.
    He, J., Dong, M., Ota, K., Fan, M., Wang, G.: NSCC: Self-service network security architecture for cloud computing. In: 2014 IEEE 17th International Conference on Computational Science and Engineering (CSE), pp. 444–449. IEEE (2014)Google Scholar
  11. 11.
    Mauch, V., Kunze, M., Hillenbrand, M.: High performance cloud computing. Future Gener. Comput. Syst. 29, 1408–1416 (2012)CrossRefGoogle Scholar
  12. 12.
    Nassar, S., El-Sayed, A., Aiad, N.: Improve the network performance by using parallel firewalls. In: 2010 6th International Conference on Networked Computing (INC), pp. 1–5. IEEE (2010)Google Scholar
  13. 13.
  14. 14.
    Nguyen, A., Raj, H., Rayanchu, S., Saroiu, S., Wolman, A.: Delusional boot: securing hypervisors without massive re-engineering. In: Proceedings of the 7th ACM European Conference on Computer Systems, EuroSys 2012, pp. 141–154. ACM, New York (2012). http://doi.acm.org/10.1145/2168836.2168851
  15. 15.
  16. 16.
  17. 17.
  18. 18.
  19. 19.
    Salah, K., Calero, A.J., Zeadally, S., Almulla, S., ZAaabi, M.: Using cloud computing to implement a security overlay network. IEEE Secur. Priv. 11, 44–53 (2012)Google Scholar
  20. 20.
    Sekar, V., Egi, N., Ratnasamy, S., Reiter, M.K., Shi, G.: Design and implementation of a consolidated middlebox architecture. In: Proceedings of NSDI (2012)Google Scholar
  21. 21.
    Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., Sekar, V.: Making middleboxes someone else’s problem: network processing as a cloud service. ACM SIGCOMM Comput. Commun. Rev. 42(4), 13–24 (2012)CrossRefGoogle Scholar
  22. 22.
  23. 23.
  24. 24.
    Szefer, J., Lee, R.B.: Architectural support for hypervisor-secure virtualization. SIGARCH Comput. Archit. News 40(1), 437–450 (2012). http://doi.acm.org/10.1145/2189750.2151022 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jin He
    • 1
    Email author
  • Mianxiong Dong
    • 2
  • Kaoru Ota
    • 2
  • Minyu Fan
    • 1
  • Guangwei Wang
    • 1
  1. 1.Department of Computer ScienceUniversity of Electronic Science and Technology of ChinaChengduPeople’s Republic of China
  2. 2.Department of Information and Electronic EngineeringMuroran Institute of TechnologyMuroranJapan

Personalised recommendations