CN114615000A - Safety protection method, device and system for edge computing APP - Google Patents

Publication number
CN114615000A
Authority
CN
China
Prior art keywords
security
edge computing
app
service request
vsf
Legal status
Granted
Application number
CN202011409859.XA
Other languages
Chinese (zh)
Other versions
CN114615000B (en)
Inventor
庄小君
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN202011409859.XA
Publication of CN114615000A
Application granted
Publication of CN114615000B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a security protection method, device and system for an edge computing APP, and belongs to the technical field of communication. The security protection method of the edge computing APP comprises the following steps: receiving a security service request sent by an MEP; selecting the VSF that needs to be instantiated according to the security protection type, and sending a request to instantiate the VSF to the MEO; receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF; sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF; and returning a security service request response to the MEP. The technical scheme of the invention can realize security protection of the APP on the edge computing node.

Description

Safety protection method, device and system for edge computing APP
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method, an apparatus, and a system for security protection of an edge computing APP.
Background
With operators' networks moving to the cloud and the gradual commercial use of 5G, edge computing has gained wide attention in the industry as an important technology for meeting the low-latency and high-bandwidth requirements of vertical industries. Large operators, internet vendors, cloud providers and others are all researching how to use existing infrastructure at the edge, such as edge machine rooms, to provide computing, storage and network bandwidth close to users and so increase the value of the network. The European Telecommunications Standards Institute (ETSI) established the MEC (Mobile Edge Computing) Industry Specification Group working group in September 2014, and in 2016 extended the MEC concept to Multi-Access Edge Computing. According to the ETSI definition, MEC technology mainly refers to deploying general-purpose servers close to the user (such as at the wireless access side and the edge of the core network) to provide cloud computing capability. In 2016 ETSI issued ETSI GS MEC 003 [1], which defines a framework and reference architecture for mobile edge computing, as shown in FIG. 1.
The labels in FIG. 1 are as follows: CFS (client-facility) portal is a user-oriented service portal; device app is a service application; User app LCM proxy is a user application lifecycle agent; operations support system is an operation support system; Multi-access edge scheduler is a multi-access edge scheduler; MEC system level is the MEC system level; MEC host level is the MEC host level; MEC platform manager is MEC platform management; MEC platform element management is MEC platform element management; MEC rules & levels is mobile edge application rule requirement management; MEC lifecycle app is mobile edge application lifecycle management; video Service management is a virtual service manager; MEC virtual traffic management is MEC virtual resource management; DNS handling is DNS processing; MEC platform is other MEC platforms; MEC app is an MEC application; data plane is the data plane; virtualization infrastructure is virtual resources; other MEC platform is another MEC platform; and other MEC host is another MEC host.
In this architecture the MEC platform (MEP) provides the MEC app with routing rule control, DNS services, and so on. The MEC app may be the operator's own app or a third-party app hosted on the operator's infrastructure. The MEC platform manager (MEPM) manages MEPs and MEC app life cycles. The multi-access edge orchestrator (MEO) is responsible for orchestrating resources for edge computing, such as uploading app images, verifying their integrity, and having the virtualization infrastructure manager (VIM) handle virtual resources for applications. In the 5G scenario the data plane is a UPF (User Plane Function) sunk to the edge.
Figs. 2 and 3 are schematic diagrams comparing the ETSI MEC and NFV (Network Functions Virtualization) reference architectures. When deployed, the MEP may be regarded as a PaaS platform for deploying the MEC APP, and the APP may also be deployed in a virtual machine or container on the PaaS platform formed by the MEP. MEPs and APPs, as well as the data plane UPF, can all be deployed in virtualized form on the virtual infrastructure.
In order to guarantee service security, the edge computing APP needs the operator's edge computing node to provide security services, such as a firewall, an IPS (intrusion prevention system), a WAF (Web application firewall), and the like. Moreover, due to the sensitivity of industry data, industry customers generally need to share firewalls, IPS, WAFs, and the like. The APPs are dynamically hosted and can scale out and in according to business requirements, and the corresponding security policies are also dynamic. If traditional physical security equipment is used, dedicated physical security equipment has to be purchased for each APP that needs security protection, which is very costly, and after an APP goes offline the physical security equipment may not be immediately reusable, so resources are wasted. In addition, the physical security equipment of different manufacturers differs considerably and is at present mostly configured manually; when a large number of APPs are deployed and use physical security equipment, the manual configuration workload is large and errors are easy to make. Even if the physical security device supports virtualizing its security function into multiple logically independent security functions for the APPs (e.g., a physical firewall that can be virtualized into multiple logically independent virtual firewalls), its deployment location is fixed because the physical security device is statically deployed. Because the deployment location is fixed, the APP traffic that needs protection has to be steered to the security equipment by setting a switch routing policy or by using an SDN (software defined network) controller, which inevitably causes roundabout routing and affects service delay. Edge services have strict delay requirements, so statically deployed physical security equipment cannot meet the requirements of dynamic APP security protection and low delay.
In the current edge computing scenario, security protection of APPs on an operator's edge computing node consists of security isolation between APPs and the MEP (MEC platform) through a physical firewall; there is no complete scheme for providing security services such as a firewall, an IPS and a WAF for APPs. If traditional physical security equipment is deployed to provide security protection for the APP, the problems of high static deployment cost, low resource reuse, error-prone manual operation and maintenance, and large delay from roundabout routing arise.
Disclosure of Invention
The invention aims to provide a security protection method, device and system for an edge computing APP, which can realize security protection of the edge computing APP.
To solve the above technical problem, embodiments of the present invention provide the following technical solutions:
In one aspect, a security protection method for an edge computing APP is provided, which is executed by a security manager, and includes:
receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection policy;
selecting a virtual security function (VSF) to be instantiated according to the security protection type, and sending an instantiate-VSF request to a multi-access edge orchestrator (MEO);
receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF;
sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF;
returning a security service request response to the MEP.
In some embodiments, after sending the vnfInstanceID of the instantiated VSF and the security protection policy to the OMC, the method further comprises:
storing a correspondence between the vnfInstanceID of the security protection object and the vnfInstanceID of the instantiated VSF.
In some embodiments, after returning a security service request response to the MEP, the method further comprises:
receiving a security protection policy update request sent by the MEP, wherein the security protection policy update request carries the vnfInstanceID of a security protection object and an updated security protection policy;
querying the locally stored correspondence, and determining the vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the security protection object;
sending the vnfInstanceID of the instantiated VSF and the updated security protection policy to the OMC, so that the OMC sends the updated security protection policy to the corresponding VSF according to the vnfInstanceID of the VSF;
receiving a security policy update response returned by the OMC;
sending a security policy update response to the MEP.
In some embodiments, after returning a security service request response to the MEP, the method further comprises:
receiving a security protection state subscription request sent by the MEP, wherein the security protection state subscription request carries an identifier of a security protection object and a mode of acquiring security protection state information;
verifying the authority of the security protection state subscription of the security protection object, and sending a security protection state subscription success response to the MEP after the verification is successful;
obtaining a security protection state of the instantiated virtualized security device through the OMC;
and sending the security protection state to the MEP according to the mode of acquiring the security protection state information.
The embodiment of the invention also provides a security protection method of the edge computing APP, which is executed by the edge computing platform MEP, and the method comprises the following steps:
receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection policy;
sending the security service request to a security manager;
receiving a security service request response returned by the security manager;
and returning the security service request response to the edge computing APP.
In some embodiments, before sending the security service request to a security manager, the method further comprises:
authenticating and authorizing the security service request.
In some embodiments, after returning the security service request response to the edge computing APP, the method further comprises:
receiving an update security protection policy request of the edge computing APP, wherein the update security protection policy request carries the vnfInstanceID of the security protection object;
sending the update security protection policy request to the security manager;
receiving a security policy update response returned by the security manager;
returning the security policy update response to the edge computing APP.
In some embodiments, after returning the security service request response to the edge computing APP, the method further comprises:
receiving a security protection state subscription request of the edge computing APP, wherein the security protection state subscription request carries an identifier of a security protection object and a mode of acquiring security protection state information;
sending the security protection state subscription request to the security manager;
receiving a security protection state subscription success response returned by the security manager;
returning the security protection state subscription success response to the edge computing APP;
receiving a security protection state returned by the security manager according to the mode of acquiring the security protection state information;
and returning the security protection state to the edge computing APP.
The embodiment of the invention also provides a security protection device of the edge computing APP, which is applied to a security manager, and the device comprises:
the first receiving module is used for receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection policy;
the first sending module is used for selecting a virtual security function (VSF) to be instantiated according to the security protection type and sending an instantiate-VSF request to the multi-access edge orchestrator (MEO);
the first receiving module is further configured to receive an instantiation result returned by the MEO, where the instantiation result carries the vnfInstanceID of the instantiated VSF;
the first sending module is further configured to send the vnfInstanceID of the instantiated VSF and the security protection policy to an operation and maintenance center OMC, so that the OMC sends the security protection policy to the instantiated VSF;
the first sending module is further configured to return a security service request response to the MEP.
In some embodiments, the apparatus further comprises:
the storage module, which is used for storing the correspondence between the vnfInstanceID of the security protection object and the vnfInstanceID of the instantiated VSF.
In some embodiments, the first receiving module is further configured to receive a security policy update request sent by the MEP, which carries the vnfInstanceID of the security protection object and the updated security policy;
the first sending module is further configured to query the locally stored correspondence, and determine the vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the security protection object; and to send the vnfInstanceID of the instantiated VSF and the updated security protection policy to the OMC, so that the OMC sends the updated security protection policy to the corresponding VSF according to the vnfInstanceID of the VSF;
the first receiving module is further configured to receive a security policy update response returned by the OMC;
the first sending module is further configured to send a security policy update response to the MEP.
In some embodiments, the first receiving module is further configured to receive a security protection state subscription request sent by the MEP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information;
the first sending module is further configured to verify the authority of the security protection state subscription of the security protection object, and send a security protection state subscription success response to the MEP after the verification is successful;
the first receiving module is further configured to obtain a security protection state of the instantiated virtualized security device through the OMC;
the first sending module is further configured to send the security protection state to the MEP in the manner of obtaining the security protection state information.
The embodiment of the invention also provides a security protection device of the edge computing APP, which is applied to the edge computing platform MEP, and the device comprises:
the second receiving module is used for receiving a security service request of the edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection policy;
the second sending module is used for sending the security service request to a security manager;
the second receiving module is further configured to receive a security service request response returned by the security manager;
the second sending module is further configured to return the security service request response to the edge computing APP.
In some embodiments, the apparatus further comprises:
the authentication module, which is used for authenticating and authorizing the security service request.
In some embodiments, the second receiving module is further configured to receive an update security policy request of the edge computing APP, where the update security policy request carries the vnfInstanceID of a security protection object and an updated security policy;
the second sending module is further configured to send the request for updating the security protection policy to the security manager;
the second receiving module is further configured to receive a security policy update response returned by the security manager;
the second sending module is further configured to return the security policy update response to the edge computing APP.
In some embodiments, the second receiving module is further configured to receive a security protection state subscription request of the edge computing APP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information;
the second sending module is further configured to send the security protection state subscription request to the security manager;
the second receiving module is further configured to receive a security protection state subscription success response returned by the security manager;
the second sending module is further configured to return the security protection state subscription success response to the edge computing APP;
the second receiving module is further configured to receive a security protection state returned by the security manager in the manner of obtaining the security protection state information;
the second sending module is further configured to return the security protection state to the edge computing APP.
The embodiment of the invention also provides a security protection system of the edge computing APP, which comprises:
the edge computing platform MEP, which is used for receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection policy; sending the security service request to a security manager; receiving a security service request response returned by the security manager; and returning the security service request response to the edge computing APP;
the security manager, which is used for receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection policy; selecting a virtual security function (VSF) to be instantiated according to the security protection type, and sending an instantiate-VSF request to a multi-access edge orchestrator (MEO); receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF; sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC) so that the OMC can send the security protection policy to the instantiated VSF; and returning a security service request response to the MEP.
The embodiment of the invention also provides a security protection device of the edge computing APP, which comprises a memory, a processor and a computer program, wherein the computer program is stored in the memory and can run on the processor; when the processor executes the program, the security protection method of the edge computing APP described above is realized.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the security protection method for edge computing APP as described above.
The embodiment of the invention has the following beneficial effects:
In the above scheme, the callable capability of the MEP is extended so that the MEP supports function calls that provide security services for the APP, giving the APP a uniform entry for invoking security capabilities. Introducing the security manager hides the complexity of interfacing the MEP with each security device; the security manager can centrally configure the security policies of the virtualized security devices and hides the differences between device interfaces, which improves security operation and maintenance efficiency.
Drawings
FIG. 1 is a schematic diagram of a multiple access edge computing reference architecture;
FIG. 2 is a schematic diagram of an ETSI MEC reference architecture;
FIG. 3 is a schematic diagram of an NFV reference architecture;
FIG. 4 is a block diagram illustrating a framework for providing security protection for an edge APP by a virtualized security device according to an embodiment of the present invention;
FIG. 5 is a schematic flow diagram illustrating an APP invoking an MEP security service according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a process of changing a security policy for an APP according to an embodiment of the present invention;
FIG. 7 is a schematic diagram illustrating a subscription and query process of a security state according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a security protection device of an edge computing APP on the security manager side according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a security protection device of an edge computing APP on the MEP side according to an embodiment of the present invention;
FIG. 10 and FIG. 11 are schematic composition diagrams of a security protection device of an edge computing APP according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages to be solved by the embodiments of the present invention clearer, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
The embodiment provides a mechanism for deploying a virtualized security device in an edge cloud to provide security protection for an APP on demand. The MEP is extended so that it supports security service function calls for the APP. By calling a northbound interface of the security manager, the MEP has virtualized security devices instantiated so that security services are provided to the APP flexibly and on demand. The security manager may apply to the MEO to instantiate a VSF (Virtualized Security Function) according to a security service request from the MEP, and configures the security policy on the instantiated VSF by calling the northbound interface of the security device's OMC.
Fig. 4 is a schematic diagram of a framework for providing security protection for an edge APP by a virtualized security device, where UPF (User Plane Function) is the user plane function, MEPM (ME Platform Manager) is the ME platform manager, VNFM (Virtualized Network Function Manager) is the virtualized network function manager, OMC (Operation and Maintenance Center) is the operation and maintenance center, vFW is a virtualized firewall, and vIPS is a virtualized intrusion protection system.
In this embodiment, a security manager (SMP, Security Management Platform) is introduced into the edge computing node, and security capabilities are opened up to the edge computing platform (MEP, MEC Platform). The security manager has a directory of Virtualized Security Functions (VSFs), where the directory includes VSF names, the corresponding VNF instance names, VNF instance IDs, VNF package IDs, CPU, memory, and I/O (input/output) specifications, etc.
The embodiment provides a security protection method for an edge computing APP, which is executed by a security manager, and the method includes:
receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection policy;
selecting a virtual security function (VSF) to be instantiated according to the security protection type, and sending an instantiate-VSF request to a multi-access edge orchestrator (MEO);
receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF;
sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF;
returning a security service request response to the MEP.
In some embodiments, after sending the vnfInstanceID of the instantiated VSF and the security protection policy to the OMC, the method further comprises:
storing a correspondence between the vnfInstanceID of the security protection object and the vnfInstanceID of the instantiated VSF.
In some embodiments, after returning a security service request response to the MEP, the method further comprises:
receiving a security protection policy update request sent by the MEP, wherein the security protection policy update request carries the vnfInstanceID of a security protection object and an updated security protection policy;
querying the locally stored correspondence, and determining the vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the security protection object;
sending the vnfInstanceID of the instantiated VSF and the updated security protection policy to the OMC, so that the OMC sends the updated security protection policy to the corresponding VSF according to the vnfInstanceID of the VSF;
receiving a security policy update response returned by the OMC;
sending a security policy update response to the MEP.
In some embodiments, after returning a security service request response to the MEP, the method further comprises:
receiving a security protection state subscription request sent by the MEP, wherein the security protection state subscription request carries an identifier of a security protection object and a mode of acquiring security protection state information;
verifying the authority of the security protection state subscription of the security protection object, and sending a security protection state subscription success response to the MEP after the verification is successful;
obtaining the security protection state of the instantiated virtualized security device through the OMC;
and sending the security protection state to the MEP according to the mode of acquiring the security protection state information.
The embodiment of the invention also provides a security protection method of the edge computing APP, which is executed by the edge computing platform MEP, and the method comprises the following steps:
receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection policy;
sending the security service request to a security manager;
receiving a security service request response returned by the security manager;
returning the security service request response to the edge computing APP.
In some embodiments, before sending the security service request to a security manager, the method further comprises:
authenticating and authorizing the security service request.
In some embodiments, after returning the security service request response to the edge computing APP, the method further comprises:
receiving an update security protection policy request of the edge computing APP, wherein the update security protection policy request carries the vnfInstanceID of the security protection object;
sending the update security protection policy request to the security manager;
receiving a security policy update response returned by the security manager;
returning the security policy update response to the edge computing APP.
In some embodiments, after returning the security service request response to the edge computing APP, the method further comprises:
receiving a security protection state subscription request of the edge computing APP, wherein the security protection state subscription request carries an identifier of a security protection object and a mode of acquiring security protection state information;
sending the security protection state subscription request to the security manager;
receiving a security protection state subscription success response returned by the security manager;
returning the security protection state subscription success response to the edge computing APP;
receiving a security protection state returned by the security manager according to the mode of acquiring the security protection state information;
and returning the security protection state to the edge computing APP.
In this embodiment, by extending the callable capabilities of the existing MEP, the MEP supports security service function calls for the APP and provides a unified entry point through which the APP invokes security capabilities; by introducing the security manager, the complexity of interfacing the MEP with each individual security device is hidden, the security manager can centrally configure the security policies of the virtualized security devices, interface differences between devices are masked, and security operation and maintenance efficiency is improved; by introducing virtualized security devices into edge computing and borrowing the VNF instantiation process of the NFV architecture, virtualized security devices are deployed and deleted on demand, which reduces deployment cost and improves resource utilization; by incorporating the virtualized security device and the APP into one NS (Network Service), the virtualized security device can be instantiated and deployed near the APP, which reduces routing detours and thereby the impact on APP service delay.
The embodiment of the invention also provides a safety protection system of the edge computing APP, which comprises:
the edge computing platform MEP is used for receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection strategy; sending the security service request to a security manager; receiving a security service request response returned by the security server; returning the security service request response to the edge computing APP;
the security manager is used for receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection strategy; selecting a virtual security function VSF to be instantiated according to the security protection type, and sending an instantiation VSF request to a multi-access edge orchestrator MEO; receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF; sending the vnfInstanceID of the instantiated VSF and the security protection strategy to an Operation Maintenance Center (OMC) so that the OMC can send the security protection strategy to the instantiated VSF; returning a security service request response to the MEP.
In a specific embodiment, as shown in fig. 5, the procedure of calling MEP security service by APP includes the following steps:
Step 1, the APP calls an API (Application Programming Interface) of the MEP to request a security protection service. The security service request includes the security service requirements, such as the security protection object (e.g., the IP address of the APP), the security protection type (e.g., a firewall or a WAF), the specification (e.g., maximum bandwidth, maximum number of connections, etc.), the security protection policy (e.g., a prohibited source address of 192.168.11.4), and the like.
Step 2, the MEP authenticates and authorizes the APP's API call. After authentication and authorization succeed, the MEP sends the security protection object (such as the IP address of the APP), the identifier vnfInstanceID corresponding to the APP, the virtual link (VL) of the APP, the security protection service type, the security protection service specification, and the corresponding security protection policy to the security manager.
Step 3, the security manager selects the VSF to be instantiated according to the security protection type and sends a VSF instantiation request to the MEO, carrying the VNF instance name, the VNF package ID, the connection relationship between the VSF and the APP, and the corresponding vnfInstanceID. (If the VSF is an in-line protection device such as a vFW or vWAF, the service route between the APP and the VSF must be reachable, that is, the APP and the VSF belong to the same interconnected layer-3 network and the APP's traffic is protected by passing through the VSF; if the VSF is a bypass detection device such as an IDS, the APP's traffic must be mirrored on the switch and then sent to the VNF for detection, so the switch serving the APP and the VNF belong to the same layer-3 network.) In this step, the VNF package corresponding to the VSF to be instantiated has been uploaded to and registered with the MEO in advance, the VNF package and the corresponding VNF package ID have been distributed to the VNFM, and the image has been sent to the VIM (Virtualized Infrastructure Manager). The VNFM assigns a VNF instance ID to the VNF and returns it to the MEO. The MEO sends the VNF-package-related information, such as the VNF instance ID, to the security manager. The security manager stores information such as the VNF package IDs, VNF instance names and VNF instance IDs corresponding to all VSFs.
Step 4, the MEO generates an NSD (Network Service Description) file and the related virtual link (VL) according to the information in the VSF instantiation request, and stores the NSD in a directory. The MEO creates an NS and a network service identifier (NS ID) matching the NSD, where the NS needs to include the VNF instance IDs corresponding to the VSF to be instantiated and to the APP, the VL of the APP, and the connection relationship between the APP and the VNF. The NSD file may be generated by an operator of the MEO using an out-of-band tool and then uploaded to the MEO, or may be generated automatically by the MEO.
Step 5, the operator creates an instance of the NS on the MEO according to the NSD and NS and the instantiation parameters such as the VNF and the Virtual Link (VL) related thereto.
Step 6, the MEO interacts with the VIM through an Openstack native interface to complete the creation of a virtual link VL of the VSF (Virtualized Network Function Manager).
Step 7, the MEO queries a Virtualized Network Function Descriptor (VNFD) corresponding to the VSF from the VNFM through the VNF package ID of the VSF, and the VNFM analyzes the VNFD corresponding to the VSF, analyzes resources required by instantiating the VSF, and initiates an authorization lifecycle request to the MEO to obtain an MEO authorization lifecycle response.
Step 8, the VNFM sends a request for creating the virtual resources to the MEO, and the MEO instructs the VIM to create the virtual resources. Based on virtual machine affinity, the VIM can deploy the virtualized security device on a virtual machine close to the APP, which reduces routing detours.
Step 9, after the virtual resources are successfully created, the VNFM configures the deployment parameters on the VSF.
Step 10, after the VNF is instantiated successfully, the VNFM sends a VNF lifecycle change notification to the MEO.
Step 11, the VNFM notifies the OMC of the VSF that the VSF has been instantiated.
Step 12, the OMC adds the VSF as a management object.
Step 13, the MEO notifies the security manager of the instantiation result, which includes the vnfInstanceID corresponding to the instantiated VSF.
Step 14, the security manager calls an operation service interface of the OMC, and sends the vnfInstanceID corresponding to the instantiated VSF and the related security policy to the OMC.
Step 15, the OMC issues the security policy to the instantiated VSF.
Step 16, the security manager stores the correspondence between the vnfInstanceID of the APP and the vnfInstanceID of the instantiated VSF. A security service request response is returned to the MEP.
Step 17, the MEP returns a security service request response to the APP. At this point, the APP is protected by the instantiated VSF.
As shown in fig. 6, the process in which the APP calls the MEP API to change the security policy includes the following steps:
Step 1, the APP calls the MEP API according to its service requirements to send a security protection policy update request. The security policy update request carries the vnfInstanceID of the APP and the updated security policy.
Step 2, the MEP forwards the security protection policy update request to the security manager.
Step 3, the security manager queries the locally stored correspondence between the APP vnfInstanceID and the VSF vnfInstanceID, and sends the updated security policy and the VSF vnfInstanceID to the OMC through an operation service interface of the OMC.
Step 4, the OMC sends the security policy to the corresponding VSF according to the VSF vnfInstanceID.
Step 5, the OMC returns a security policy update response to the security manager.
Step 6, the security manager returns a security policy update response to the MEP, and the MEP returns the security policy update response to the APP.
The APP may subscribe to security protection state information, such as security event alarms, security logs, etc., by calling a security service API of the MEP. The MEP obtains the security protection state information subscribed to by the APP by calling the API of the security manager. As shown in fig. 7, the flow of the security state subscription and query includes the following steps:
Step 1, the APP calls the MEP API and sends a security protection state subscription request, where the request carries an identifier of the APP, the information of the security protection device to be subscribed to, and the mode (such as periodic push or pull) for acquiring the security protection state information.
Step 2, the MEP calls the security manager API and forwards the security protection state subscription request of the APP, where the subscription request carries an identifier of the APP, the information of the security protection device to be subscribed to, and the mode (such as periodic push or pull) for acquiring the security protection state information.
Step 3, the security manager verifies the authority for the security protection state subscription, for example by checking whether the APP has applied for protection by the security protection device and whether the APP has the authority to subscribe to the security protection state. After the verification succeeds, a security protection state subscription success response is sent to the APP through the MEP.
Step 4, the security manager obtains the security protection state of the instantiated virtualized security device through the OMC; it can either query the security protection state periodically through the OMC, or the OMC can periodically and actively report the security protection state.
Step 5, the security manager sends the security protection state information to the APP through the MEP according to the acquisition mode (such as periodic push or pull) subscribed to by the APP.
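The three flows above (figs. 5 to 7), seen from the security manager, as an added Python sketch that is not part of the patent: the MEO and OMC are in-memory stubs, and every class, method and package name, as well as the second blocked address, is a hypothetical chosen for illustration. It shows the stored APP-to-VSF correspondence driving both the policy update lookup and the subscription authority check.

```python
import itertools

# Assumed mapping of security protection type -> VNF package ID (hypothetical values).
VSF_PACKAGES = {"firewall": "pkg-vfw", "waf": "pkg-vwaf", "ids": "pkg-vids"}


class StubMEO:
    """Stands in for the MEO: returns a vnfInstanceID for each instantiated VSF."""

    def __init__(self):
        self._seq = itertools.count(1)

    def instantiate_vsf(self, vnf_package_id, app_vnf_instance_id):
        return f"vsf-{next(self._seq)}"


class StubOMC:
    """Stands in for the OMC: records the policy issued to each VSF."""

    def __init__(self):
        self.policies = {}

    def push_policy(self, vsf_id, policy):
        self.policies[vsf_id] = policy

    def get_state(self, vsf_id):
        return {"vsf": vsf_id, "policy": self.policies[vsf_id], "alarms": []}


class SecurityManager:
    def __init__(self, meo, omc):
        self.meo, self.omc = meo, omc
        self.app_to_vsf = {}     # APP vnfInstanceID -> VSF vnfInstanceID
        self.subscriptions = {}  # APP vnfInstanceID -> acquisition mode

    def request_service(self, app_id, protection_type, policy):
        """Fig. 5, steps 3 and 13-16: pick a VSF, instantiate it, push the policy."""
        package = VSF_PACKAGES.get(protection_type)
        if package is None:
            return {"status": "rejected", "reason": "unsupported protection type"}
        vsf_id = self.meo.instantiate_vsf(package, app_id)
        self.omc.push_policy(vsf_id, policy)
        self.app_to_vsf[app_id] = vsf_id  # correspondence stored in step 16
        return {"status": "ok", "vsf": vsf_id}

    def update_policy(self, app_id, policy):
        """Fig. 6, steps 3-6: resolve the APP's VSF locally, then update via the OMC."""
        vsf_id = self.app_to_vsf.get(app_id)
        if vsf_id is None:
            return {"status": "rejected", "reason": "no VSF protects this APP"}
        self.omc.push_policy(vsf_id, policy)
        return {"status": "ok", "vsf": vsf_id}

    def subscribe(self, app_id, vsf_id, mode):
        """Fig. 7, step 3: only the APP that a VSF protects may subscribe to its state."""
        if mode not in ("push", "pull"):
            return {"status": "rejected", "reason": "unknown acquisition mode"}
        if vsf_id is None or self.app_to_vsf.get(app_id) != vsf_id:
            return {"status": "rejected", "reason": "APP is not protected by this VSF"}
        self.subscriptions[app_id] = mode
        return {"status": "ok"}

    def state_for(self, app_id):
        """Fig. 7, steps 4-5: fetch state from the OMC for a subscribed APP only."""
        if app_id not in self.subscriptions:
            return None
        return self.omc.get_state(self.app_to_vsf[app_id])


def run_demo():
    """Constructed scenario: two APPs, one policy update, one cross-APP subscription."""
    mgr = SecurityManager(StubMEO(), StubOMC())
    a = mgr.request_service("app-A", "firewall", {"deny_src": ["192.168.11.4"]})
    b = mgr.request_service("app-B", "waf", {"mode": "block"})
    upd = mgr.update_policy("app-A", {"deny_src": ["192.168.11.4", "192.168.11.5"]})
    cross = mgr.subscribe("app-B", a["vsf"], "pull")  # app-B names app-A's VSF
    own = mgr.subscribe("app-A", a["vsf"], "push")
    return {"a": a, "b": b, "update": upd, "cross": cross, "own": own,
            "state": mgr.state_for("app-A"), "unsubscribed": mgr.state_for("app-B")}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```
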
The embodiment of the application provides a mechanism for deploying virtualized security devices in an edge cloud to provide security protection for an APP, in which the MEP supports unified security service function calls for the APP by extending the capability-calling API of the MEP. By calling the northbound interface of the security manager, the MEP provides flexible, on-demand security services for the APP. The security manager can apply to the MEO for instantiation of a virtualized security device according to the security service request of the MEP, and perform centralized security policy configuration on the virtualized security device, so that the interface complexity of connecting the MEP to a plurality of security devices is avoided and security operation and maintenance efficiency is improved. Moreover, the introduction of virtualized security devices reduces the deployment cost of security devices and improves resource utilization. Meanwhile, through affinity, the virtualized security device can be deployed near the APP, which further reduces the impact on APP service delay after the security device is introduced.
An embodiment of the present invention further provides a security protection device for an edge computing APP, which is applied to a security manager, and as shown in fig. 8, the device includes:
a first receiving module 11, configured to receive a security service request sent by an edge computing platform MEP, where the security service request carries a security protection object, a security protection type, and a security protection policy;
a first sending module 12, configured to select, according to the security protection type, a virtual security function VSF that needs to be instantiated, and send an instantiation VSF request to a multi-access edge orchestrator MEO;
the first receiving module 11 is further configured to receive an instantiation result returned by the MEO, where the instantiation result carries a vnfInstanceID of an instantiated VSF;
the first sending module 12 is further configured to send the vnfInstanceID of the instantiated VSF and the security policy to an operation and maintenance center OMC, so that the OMC sends the security policy to the instantiated VSF;
the first sending module 12 is further configured to return a security service request response to the MEP.
In some embodiments, the apparatus further comprises:
and the storage module is used for storing the corresponding relation between the vnfInstanceID of the safety protection object and the vnfInstanceID of the instantiated VSF.
In some embodiments, the first receiving module 11 is further configured to receive a security policy update request sent by the MEP, where the security policy update request carries the vnfInstanceID of the security object and the updated security policy;
the first sending module 12 is further configured to query the locally stored correspondence, and determine a vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the security protection object; sending the vnfInstanceID of the instantiated VSF and the updated security protection strategy to an OMC (operation management center), so that the OMC sends the updated security protection strategy to a corresponding VSF according to the vnfInstanceID of the VSF;
the first receiving module 11 is further configured to receive a security policy update response returned by the OMC;
the first sending module 12 is further configured to send a security policy update response to the MEP.
In some embodiments, the first receiving module 11 is further configured to receive a security protection state subscription request sent by the MEP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information;
the first sending module 12 is further configured to verify the authority of the security protection state subscription of the security protection object, and send a security protection state subscription success response to the MEP after the verification is successful;
the first receiving module 11 is further configured to obtain, through the OMC, a security protection state of the instantiated virtualized security device;
the first sending module 12 is further configured to send the security protection status to the MEP according to the manner of obtaining the security protection status information.
An embodiment of the present invention further provides a safety protection device for an edge computing APP, which is applied to an edge computing platform MEP, and as shown in fig. 9, the safety protection device includes:
a second receiving module 21, configured to receive a security service request of an edge computing application APP, where the security service request carries a security protection object, a security protection type, and a security protection policy;
a second sending module 22, configured to send the security service request to a security manager;
the second receiving module 21 is further configured to receive a security service request response returned by the security server;
the second sending module 22 is further configured to return the security service request response to the edge computing APP.
In some embodiments, the apparatus further comprises:
and the authentication module is used for authenticating and authorizing the security service request.
In some embodiments, the second receiving module 21 is further configured to receive an update security policy request of the edge computing APP, where the update security policy request carries a vnfInstanceID of a security object and an updated security policy;
the second sending module 22 is further configured to send the request for updating the security protection policy to the security manager;
the second receiving module 21 is further configured to receive a security policy update response returned by the security server;
the second sending module 22 is further configured to return the security policy update response to the edge computing APP.
In some embodiments, the second receiving module 21 is further configured to receive a security protection state subscription request of the edge computing APP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information;
the second sending module 22 is further configured to send the security protection state subscription request to the security manager;
the second receiving module 21 is further configured to receive a subscription success response of the security protection state returned by the security server;
the second sending module 22 is further configured to return the security protection state subscription success response to the edge computing APP;
the second receiving module 21 is further configured to receive a security protection state returned by the security server according to the manner of obtaining the security protection state information;
the second sending module 22 is further configured to return the safety protection state to the edge computing APP.
An embodiment of the present invention further provides a security protection apparatus for edge computing APP, which is applied to a security manager, as shown in fig. 10, and includes a memory 31, a processor 32, and a computer program stored in the memory 31 and capable of running on the processor 32; the processor 32, when executing the program, implements the security protection method of the edge computing APP as described above.
In some embodiments, the processor 32 is configured to receive a security service request sent by an edge computing platform MEP, where the security service request carries a security protection object, a security protection type, and a security protection policy; selecting a virtual security function VSF to be instantiated according to the security protection type, and sending an instantiation VSF request to a multi-access edge orchestrator MEO; receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF; sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF; returning a security service request response to the MEP.
In some embodiments, processor 32 is configured to store a correspondence between a vnfInstanceID of a security protection object and a vnfInstanceID of the instantiated VSF.
In some embodiments, the processor 32 is configured to receive a request for updating a security policy sent by the MEP, where the request carries a vnfInstanceID of a security object and the updated security policy; querying the corresponding relation stored locally, and determining the vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the safety protection object; sending the vnfInstanceID of the instantiated VSF and the updated security protection policy to an OMC, so that the OMC sends the updated security protection policy to the corresponding VSF according to the vnfInstanceID of the VSF; receiving a security policy update response returned by the OMC; sending a security policy update response to the MEP.
In some embodiments, the processor 32 is configured to receive a security protection state subscription request sent by the MEP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information; verifying the authority of the safety protection state subscription of the safety protection object, and sending a safety protection state subscription success response to the MEP after the verification is successful; obtaining a security protection state of the instantiated virtualized security device through the OMC; and sending the safety protection state to the MEP according to the mode of acquiring the safety protection state information.
An embodiment of the present invention further provides a safety protection device for an edge computing APP, which is applied to an MEP, as shown in fig. 11, and includes a memory 41, a processor 42, and a computer program stored in the memory 41 and capable of running on the processor 42; the processor 42, when executing the program, implements the security protection method of the edge computing APP as described above.
In some embodiments, the processor 42 is configured to receive a security service request of an edge computing application APP, where the security service request carries a security object, a security type, and a security policy; sending the security service request to a security manager; receiving a security service request response returned by the security server; returning the security service request response to the edge computing APP.
In some embodiments, processor 42 is configured to authenticate and authorize the security service request.
In some embodiments, the processor 42 is configured to receive an updated security policy request of the edge computing APP, where the updated security policy request carries a vnfInstanceID of a security object and the updated security policy; sending the request for updating the security protection policy to the security manager; receiving a security policy updating response returned by the security server; returning the security policy update response to the edge computing APP.
In some embodiments, the processor 42 is configured to receive a security protection state subscription request of the edge computing APP, where the security protection state subscription request carries an identifier of a security protection object and a manner of obtaining security protection state information; sending the security protection state subscription request to the security manager; receiving a safety protection state subscription success response returned by the safety server; returning a successful response of the subscription of the safety protection state to the edge computing APP; receiving a safety protection state returned by the safety server according to the mode of acquiring the safety protection state information; and returning the safety protection state to the edge computing APP.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the program, when executed by a processor, implements the steps in the method for securing an edge computing APP as described above.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, compact disc read only memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (13)

1. A method of security protection of an edge computing APP, performed by a security manager, the method comprising:
receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection strategy;
selecting a virtual security function VSF to be instantiated according to the security protection type, and sending an instantiation VSF request to a multi-access edge orchestrator MEO;
receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF;
sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF;
returning a security service request response to the MEP.
2. The method for securing edge computing APP as claimed in claim 1, wherein after sending the vnfInstanceID of the instantiated VSF and the security policy to the OMC, the method further comprises:
storing a correspondence of a vnfInstanceID of a security guard object to a vnfInstanceID of the instantiated VSF.
3. The method of security protection of edge computing APP as claimed in claim 2, wherein after returning a security service request response to the MEP, the method further comprises:
receiving a security protection policy updating request sent by an MEP, wherein the security protection policy updating request carries the vnfInstanceID of a security protection object and an updated security protection policy;
querying the corresponding relation stored locally, and determining the vnfInstanceID of the instantiated VSF corresponding to the vnfInstanceID of the safety protection object;
sending the vnfInstanceID of the instantiated VSF and the updated security protection strategy to an OMC (operation management center), so that the OMC sends the updated security protection strategy to a corresponding VSF according to the vnfInstanceID of the VSF;
receiving a security policy update response returned by the OMC;
sending a security policy update response to the MEP.
4. The method of security protection of edge computing APP as claimed in claim 1, wherein after returning a security service request response to the MEP, the method further comprises:
receiving a safety protection state subscription request sent by the MEP, wherein the safety protection state subscription request carries an identifier of a safety protection object and a mode of acquiring safety protection state information;
verifying the authority of the safety protection state subscription of the safety protection object, and sending a safety protection state subscription success response to the MEP after the verification is successful;
obtaining a security protection state of the instantiated virtualized security device through the OMC;
and sending the safety protection state to the MEP according to the mode of acquiring the safety protection state information.
5. A method of security protection of an edge computing APP, performed by an edge computing platform (MEP), the method comprising:
receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection strategy;
sending the security service request to a security manager;
receiving a security service request response returned by the security server;
returning the security service request response to the edge computing APP.
6. The method of securing edge computing APP according to claim 5, wherein before sending the security service request to a security manager, the method further comprises:
authenticating and authorizing the security service request.
7. The method of claim 5, wherein after returning the security service request response to the edge computing APP, the method further comprises:
receiving an updated security policy request of the edge computing APP, wherein the updated security policy request carries the vnfInstanceID of the security protection object;
sending the request for updating the security protection policy to the security manager;
receiving a security policy updating response returned by the security server;
returning the security policy update response to the edge computing APP.
8. The method of claim 5, wherein after returning the security service request response to the edge computing APP, the method further comprises:
receiving a safety protection state subscription request of the edge computing APP, wherein the safety protection state subscription request carries an identifier of a safety protection object and a mode of acquiring safety protection state information;
sending the security protection state subscription request to the security manager;
receiving a safety protection state subscription success response returned by the safety server;
returning a successful response of the subscription of the safety protection state to the edge computing APP;
receiving a safety protection state returned by the safety server according to the mode of acquiring the safety protection state information;
and returning the safety protection state to the edge computing APP.
9. Safety protection device for an edge computing APP, applied to a safety manager, the device comprising:
the first receiving module is used for receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection strategy;
the first sending module is used for selecting a virtual security function VSF to be instantiated according to the security protection type and sending an instantiation VSF request to the multi-access edge orchestrator MEO;
the first receiving module is further configured to receive an instantiation result returned by the MEO, where the instantiation result carries a vnfInstanceID of an instantiated VSF;
the first sending module is further configured to send the vnfInstanceID of the instantiated VSF and the security protection policy to an operation and maintenance center OMC, so that the OMC sends the security protection policy to the instantiated VSF;
the first sending module is further configured to return a security service request response to the MEP.
10. Safety protection device for edge computing APP, applied to an edge computing platform (MEP), comprising:
the second receiving module is used for receiving a security service request of the edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection strategy;
the second sending module is used for sending the security service request to a security manager;
the second receiving module is further configured to receive a security service request response returned by the security server;
the second sending module is further configured to return the security service request response to the edge computing APP.
11. A safety protection system of an edge computing APP, comprising:
the edge computing platform MEP is used for receiving a security service request of an edge computing application APP, wherein the security service request carries a security protection object, a security protection type and a security protection strategy; sending the security service request to a security manager; receiving a security service request response returned by the security server; returning the security service request response to the edge computing APP;
the security manager is used for receiving a security service request sent by an edge computing platform (MEP), wherein the security service request carries a security protection object, a security protection type and a security protection strategy; selecting a virtual security function VSF to be instantiated according to the security protection type, and sending an instantiation VSF request to a multi-access edge orchestrator MEO; receiving an instantiation result returned by the MEO, wherein the instantiation result carries the vnfInstanceID of the instantiated VSF; sending the vnfInstanceID of the instantiated VSF and the security protection policy to an Operation and Maintenance Center (OMC), so that the OMC sends the security protection policy to the instantiated VSF; returning a security service request response to the MEP.
12. A safety protection device for an edge computing APP, comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor; characterized in that the processor, when executing the program, implements a method of safeguarding an edge computing APP as claimed in any one of claims 1 to 8.
13. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the method for securing an edge computing APP as claimed in any one of claims 1 to 8.
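An added example, not part of the patent text: a minimal Python model of the request flow in claims 6 and 11, showing the MEP authenticating and authorizing a security service request before the security manager selects a VSF, obtains its vnfInstanceID from the MEO and hands the policy to the OMC. The class and field names, the token check, the per-APP grant table and the VSF catalogue are assumptions made for illustration.

```python
import hmac
import itertools
from dataclasses import dataclass

@dataclass
class SecurityServiceRequest:   # carries the three items named in the claims
    app_id: str                 # assumed: identity of the edge computing APP
    token: str                  # assumed: credential checked by the MEP
    protected_object: str       # security protection object
    protection_type: str        # security protection type
    policy: dict                # security protection policy

class MEO:                      # multi-access edge orchestrator (stub)
    def __init__(self):
        self._ids = itertools.count(1)
    def instantiate_vsf(self, vsf_name):
        return {"vnfInstanceID": f"vsf-{next(self._ids)}", "vsf": vsf_name}

class OMC:                      # operation and maintenance center (stub)
    def __init__(self):
        self.pushed = {}        # vnfInstanceID -> policy delivered to that VSF
    def push_policy(self, vnf_instance_id, policy):
        self.pushed[vnf_instance_id] = policy

class SecurityManager:
    VSF_CATALOGUE = {"firewall": "vFW", "waf": "vWAF", "ips": "vIPS"}  # constructed
    def __init__(self, meo, omc):
        self.meo, self.omc = meo, omc
    def handle(self, req):
        vsf = self.VSF_CATALOGUE.get(req.protection_type)
        if vsf is None:         # unknown type: nothing is instantiated
            return {"status": "rejected", "reason": "unsupported protection type"}
        result = self.meo.instantiate_vsf(vsf)
        self.omc.push_policy(result["vnfInstanceID"], req.policy)
        return {"status": "ok", "vnfInstanceID": result["vnfInstanceID"]}

class MEP:
    def __init__(self, manager, app_tokens, grants):
        self.manager, self.app_tokens, self.grants = manager, app_tokens, grants
    def handle(self, req):
        expected = self.app_tokens.get(req.app_id, "")
        # Claim 6: authenticate, then authorize, before anything is forwarded.
        if not expected or not hmac.compare_digest(expected.encode(), req.token.encode()):
            return {"status": "denied", "reason": "authentication failed"}
        if req.protected_object not in self.grants.get(req.app_id, set()):
            return {"status": "denied", "reason": "not authorized for object"}
        return self.manager.handle(req)
```

Because both checks run in the MEP, a denied request never reaches the security manager, so no VSF is instantiated and no policy is pushed on behalf of an unauthenticated APP or for an object the APP does not own.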
CN202011409859.XA 2020-12-04 2020-12-04 Security protection method, device and system for edge computing APP Active CN114615000B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011409859.XA CN114615000B (en) 2020-12-04 2020-12-04 Security protection method, device and system for edge computing APP

Publications (2)

Publication Number Publication Date
CN114615000A true CN114615000A (en) 2022-06-10
CN114615000B CN114615000B (en) 2024-06-21

Family

ID=81857014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011409859.XA Active CN114615000B (en) 2020-12-04 2020-12-04 Security protection method, device and system for edge computing APP

Country Status (1)

Country Link
CN (1) CN114615000B (en)

Also Published As

Publication number Publication date
CN114615000B (en) 2024-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant