SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS

DOI: https://doi.org/10.25559/SITITO.15.201901.154-163

Abstract

As a rule, certified means of ensuring network security are highly specialized complexes with a constant hardware and software platform. The main disadvantage of this architecture is the impossibility of transparent scaling of devices when the computing power of the network increases. In addition, the development and support of such a complex is complicated, as the hardware platform quickly becomes obsolete, which results in the necessity for replacing it, which means that the software components for the support of new equipment need to be improved. The paper describes the scalable architecture of network security systems, allowing manufacturers to simplify the process of updating and developing information security tools. The main feature of the new architecture is the focus on the provision of a set of specialized micro-services. It is based on the principles of virtualization of network functions and it uses the concept of a unified trusted software and hardware platform. Each network function runs on a hardware and software platform running by the hypervisor operating system. It is clear that in the case of certification for the security requirements of the final products, it is necessary to ensure confidence in the hardware platform, operating system and hypervisor. However, the architecture requires unification of the software and hardware platform for all network functions. This makes it easier for developers to support end-products. Thanks to a single trusted platform, the architecture allows simplifying certification procedures for information security requirements in the process of supporting and developing the final product. Load balancing and architecture consistency are provided by means of implementing the technology of decentralized distributed registries (blockchain).

Author Biographies

Oleg Yurevich Guzev, JSC “InfoTeCS”

Researcher, Research and Development Center, Ph.D. (Engineering)

Ivan Vladimirovich Chizhov, Lomonosov Moscow State University; Federal Research Center «Computer Science and Control» of Russian Academy of Sciences

Associate Professor, Department of Information Security, Faculty of Computational Mathematics and Cybernetics; Senior Scientist, Institute of Informatics Problems, Ph.D. (Phys.-Math.)

References

[1] Kim H., Feamster N. Improving network management with software defined networking. IEEE Communications Magazine. 2013; 51(2):114-119. (In Eng.) DOI: 10.1109/MCOM.2013.6461195
[2] Kreutz D., Ramos F. M. V., Verissimo P., Rothenberg C.E., Azodolmolky S., Uhlig S. Software-Defined Networking: A Comprehensive Survey. Proceedings of the IEEE. 2015; 103(1):14-76. (In Eng.) DOI: 10.1109/JPROC.2014.2371999
[3] Feamster N., Balakrishnan H. Detecting BGP configuration faults with static analysis. Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation. Vol. 2 (NSDI'05). Vol. 2. USENIX Association, Berkeley, CA, USA, 2005, pp. 43-56. (In Eng.)
[4] Nazarov M.A. Definitions, concept sand architecture of Software Defined Networking – SDN. Informatization and communication. 2015; 4:82-87. Available at: https://elibrary.ru/item.asp?id=24853434 (accessed 21.12.2018). (In Russ.)
[5] Shalimov A., Zuikov D., Zimarina D., Pashkov V., Smeliansky R. Advanced study of SDN/OpenFlow controllers. Proceedings of the 9th Central & Eastern European Software Engineering Conference in Russia (CEE-SECR '13). ACM, New York, NY, USA, 2013. Article 1, 6 p. (In Eng.) DOI: 10.1145/2556610.2556621
[6] Nuopponen A., Vaarala S., Virtanen T. IPsec Clustering. In: Deswarte Y., Cuppens F., Jajodia S., Wang L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP – The International Federation for Information Processing, vol. 147. Springer, Boston, MA, 2004; 147:367-379. (In Eng.) DOI: 10.1007/1-4020-8143-X_24
[7] Alvarenga I.D., Rebello G.A. F., Duarte O.C.M.B. Securing configuration management and migration of virtual network functions using blockchain. NOMS 2018 – 2018 IEEE/IFIP Network Operations and Management Symposium. Taipei, 2018, pp. 1-9. (In Eng.) DOI: 10.1109/NOMS.2018.8406249
Published
2019-04-19
How to Cite
GUZEV, Oleg Yurevich; CHIZHOV, Ivan Vladimirovich. SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS. Modern Information Technologies and IT-Education, [S.l.], v. 15, n. 1, p. 154-163, apr. 2019. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/495>. Date accessed: 18 sep. 2025. doi: https://doi.org/10.25559/SITITO.15.201901.154-163.
Citation Formats
Issue
Vol 15 No 1 (2019): Modern Information Technology and IT-education
Section
Research and development in the field of new IT and their applications
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Publication policy of the journal is based on traditional ethical principles of the Russian scientific periodicals and is built in terms of ethical norms of editors and publishers work stated in Code of Conduct and Best Practice Guidelines for Journal Editors and Code of Conduct for Journal Publishers, developed by the Committee on Publication Ethics (COPE). In the course of publishing editorial board of the journal is led by international rules for copyright protection, statutory regulations of the Russian Federation as well as international standards of publishing. 
Authors publishing articles in this journal agree to the following: They retain copyright and grant the journal right of first publication of the work, which is automatically licensed under the Creative Commons Attribution License (CC BY license). Users can use, reuse and build upon the material published in this journal provided that such uses are fully attributed.