On the research and implementation of IaaS network security architecture

An extensive review on existing implementations of IaaS was conducted and the network security requirements of IaaS were identified. A mechanism for dynamic cloud network security was proposed, which is built on top of VLAN, Bridge, Iptables and network virtualization technology. The proposed mechanism is able to dynamically divide the virtual network of an IaaS cloud into several isolated networks, with each isolated network has its network data being confined within its own network perimeter. The dynamics of the isolated networks fits into the need of cloud computing where virtual machines may migrate from one physical machine to another at runtime. The isolation enforces the network security to a level similar to the physical networks where network perimeters are imposed by physical ports. The proposed mechanism enables network security built independent of physical network.