SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS

Abstract

As a rule, certified network security products are highly specialized appliances built on a fixed hardware and software platform. The main disadvantage of this architecture is that devices cannot be scaled transparently when the computing power of the network increases. In addition, developing and supporting such an appliance is complicated: the hardware platform quickly becomes obsolete and has to be replaced, which in turn means that the software components must be reworked to support the new equipment. The paper describes a scalable architecture of network security systems that allows manufacturers to simplify the process of updating and developing information security tools. The main feature of the new architecture is its focus on providing a set of specialized micro-services. It is based on the principles of network function virtualization and uses the concept of a unified trusted software and hardware platform. Each network function runs on a hardware and software platform managed by the hypervisor operating system. Clearly, when the final products are certified against security requirements, it is necessary to ensure confidence in the hardware platform, the operating system and the hypervisor. However, the architecture requires unification of the software and hardware platform for all network functions, which makes it easier for developers to support end products. Thanks to a single trusted platform, the architecture simplifies certification procedures for information security requirements during the support and development of the final product. Load balancing and architecture consistency are provided by decentralized distributed ledger (blockchain) technology.

Author Biographies

Oleg Yurevich Guzev, JSC “InfoTeCS”

Researcher, Research and Development Center, Ph.D. (Engineering)

Ivan Vladimirovich Chizhov, Lomonosov Moscow State University; Federal Research Center «Computer Science and Control» of Russian Academy of Sciences

Associate Professor, Department of Information Security, Faculty of Computational Mathematics and Cybernetics; Senior Scientist, Institute of Informatics Problems, Ph.D. (Phys.-Math.)

Published
2019-04-19
How to Cite
GUZEV, Oleg Yurevich; CHIZHOV, Ivan Vladimirovich. SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS. Modern Information Technologies and IT-Education, [S.l.], v. 15, n. 1, p. 154-163, apr. 2019. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/495>. Date accessed: 16 sep. 2025. doi: https://doi.org/10.25559/SITITO.15.201901.154-163.
Section
Research and development in the field of new IT and their applications