USE OF MODERN DECENTRALIZED TECHNOLOGIES FOR DISTRIBUTION OF ACCESS IN THE CLOUD ENVIRONMENT
DOI:
https://doi.org/10.31891/2219-9365-2022-72-4-10
Keywords:
models, algorithms, cloud environment, blockchain
Abstract
The work addresses the pressing scientific and technical problem of developing a method for delimiting access to cloud services using dynamically generated filtering rules for virtual firewalls. The proposed model takes into account the dynamic nature of resource allocation and the characteristics of network interaction protocols. The model's input is the stream of network packets arriving in real time at the firewall of the protection system in the cloud environment. The model divides packets into virtual connections and defines, for every information connection, the subset of filtering rules that lets network interaction be filtered in compliance with access policies.
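The grouping of packets into virtual connections and the per-connection rule subset described above can be sketched as follows. This is an added example, not the authors' model or code; it assumes a direction-independent 5-tuple key, first-match rule priority, and a constructed policy and packet stream with hypothetical names and addresses.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport proto")
Rule = namedtuple("Rule", "name src_net dst_net dport proto action")

# Constructed access policy (hypothetical names/addresses); list order = priority.
POLICY = [
    Rule("web-in", "0.0.0.0/0", "10.0.1.0/24", 443, "tcp", "allow"),
    Rule("db-from-app", "10.0.1.0/24", "10.0.2.0/24", 5432, "tcp", "allow"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, None, "deny"),
]

def conn_key(p):
    """Direction-independent key: both directions map to one virtual connection."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def rule_subset(p, policy):
    """Rules that can apply to the connection opened by packet p."""
    return [r for r in policy
            if ip_address(p.src) in ip_network(r.src_net)
            and ip_address(p.dst) in ip_network(r.dst_net)
            and r.dport in (None, p.dport)
            and r.proto in (None, p.proto)]

def filter_stream(stream, policy):
    """Return (connection table, per-packet verdicts) for a packet stream."""
    table, verdicts = {}, []
    for p in stream:
        key = conn_key(p)
        if key not in table:  # first packet of a connection: compute subset once
            table[key] = rule_subset(p, policy)
        verdicts.append(table[key][0].action)  # first matching rule wins
    return table, verdicts

# Constructed packet stream: a web request, its reply, then a DB access attempt.
STREAM = [
    Packet("203.0.113.7", 51000, "10.0.1.5", 443, "tcp"),
    Packet("10.0.1.5", 443, "203.0.113.7", 51000, "tcp"),
    Packet("203.0.113.7", 51001, "10.0.2.9", 5432, "tcp"),
]
```

Only the first packet of each connection is matched against the full policy; later packets, including replies, reuse the cached subset. A production table would also need entry expiry and protocol state tracking.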
Integrating access control functions into the components of the cloud environment reduces its performance when the firewalls that control information interaction use the hardware resources of the regular hypervisor. The virtual connection classification algorithm proposed in the work uses existing parallel computing technologies and the structure of the TCP/IP stack, and is implemented using the Netgraph network subsystem. This makes it possible to increase firewall performance and use the computing power of existing hardware platforms more efficiently, which reduces the cost of access delimitation tools in the cloud environment. The developed algorithms and method expand the possibilities for applying firewall technology. Virtual machines within one hypervisor interact without physical communication lines; the interaction is implemented in software, for example through the use of smart contracts.