SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS
Abstract
As a rule, certified network security tools are highly specialized systems built on a fixed hardware and software platform. The main disadvantage of this architecture is that devices cannot be scaled transparently when the computing power of the network increases. In addition, developing and supporting such a system is complicated: the hardware platform quickly becomes obsolete and has to be replaced, which in turn means that the software components have to be reworked to support the new equipment. The paper describes a scalable architecture for network security systems that allows manufacturers to simplify the process of updating and developing information security tools. The main feature of the new architecture is its focus on providing a set of specialized micro-services. It is based on the principles of network function virtualization and uses the concept of a unified trusted software and hardware platform. Each network function runs on a hardware and software platform run by the hypervisor operating system. Clearly, when the final products are certified against security requirements, confidence must be established in the hardware platform, the operating system and the hypervisor. However, the architecture requires unification of the software and hardware platform for all network functions, which makes it easier for developers to support end products. Thanks to a single trusted platform, the architecture simplifies certification procedures for information security requirements during the support and development of the final product. Load balancing and architecture consistency are provided by decentralized distributed ledger (blockchain) technology.

This work is licensed under a Creative Commons Attribution 4.0 International License.