Title :
CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)
Author :
Seungwon Shin ; Guofei Gu
Author_Institution :
SUCCESS Lab., Texas A&M Univ., College Station, TX, USA
Date :
Oct. 30 2012-Nov. 2 2012
Abstract :
Cloud computing is becoming a popular paradigm. Many recent new services are based on cloud environments, and a lot of people are using cloud networks. Since many diverse hosts and network configurations coexist in a cloud network, it is essential to protect each of them in the cloud network from threats. To do this, basically, we can employ existing network security devices, but applying them to a cloud network requires more considerations for its complexity, dynamism, and diversity. In this paper, we propose a new framework, CloudWatcher, which provides monitoring services for large and dynamic cloud networks. This framework automatically detours network packets to be inspected by pre-installed network security devices. In addition, all these operations can be implemented by writing a simple policy script, thus, a cloud network administrator is able to protect his cloud network easily. We have implemented the proposed framework, and evaluated it on different test network environments.
Keywords :
cloud computing; computer network security; CloudWatcher framework; OpenFlow; cloud computing; cloud environment; cloud network administrator; dynamic cloud network; network packet; network security device; network security monitoring; policy script; security monitoring-as-a-service; Algorithm design and analysis; Cloud computing; Monitoring; Network topology; Routing; Security; Virtual machining;
Conference_Title :
Network Protocols (ICNP), 2012 20th IEEE International Conference on
Conference_Location :
Austin, TX
Print_ISBN :
978-1-4673-2445-8
Electronic_ISBN :
978-1-4673-2446-5
DOI :
10.1109/ICNP.2012.6459946