Distributed and Cooperative firewall/controller in cloud environments

In recent years, work environments such as the cloud and the Internet of Things (IoT) have become more sophisticated, and, as evidence of this, access control in the network has become very important. To adapt to changing environments, access network verification in cloud computing is an important requirement for researchers integrating traditional verification with virtual firewalls. A virtual firewall is an effective static verification method, but existing problems at the access network in cloud environments remain unresolved. In this paper, we propose a cooperative firewall framework that applies a model to a complex topology such as cloud computing to enable verification of the access network. The proposed framework consists of the design of a cooperative firewall in cloud computing using a new partition of the topology and a sequential finite state machine (Se-FSM) representing the migration rules between existing and distributed firewalls. The proposed framework is evaluated using the NeSSi2 tool; the results show that the proposed method is not only promising in terms of delay and blocking rate but can also detect DDoS attacks.
