An SDN-based Approach to Protect Communication Between Virtual Machines

摘要

As a result of the increasing virtualization of computer systems, areas arise in corporate networks and cloud environments that are insufficiently supervised by established security mechanisms, such as firewalls or network monitoring. Conventional firewalls cannot protect Virtual Machines (VMs) because the communication between them runs only within the virtualization server/host. Thus, virtualized systems represent blind spots for network monitoring. They are particularly susceptible to attacks on the data link and network layers (L2/L3 attacks). Software-Defined Networking (SDN) provides the opportunity to better control communication relationships. In this paper, we present an SDN-based approach to protect the communication between VMs on a virtualization host which preserves the multi-gigabit throughput of interconnected VMs.