[1] WANG Yue, LYU Guang-hong, CAO Yong. Research on Security of Software Defining Network[J]. Computer Technology and Development, 2018, 28(04):128-132. [doi:10.3969/j.issn.1673-629X.2018.04.027]

Research on Security of Software Defining Network

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume: 28
Issue: 2018, No. 04
Pages: 128-132
Column: Security and Prevention
Publication date: 2018-04-10

Article Info

Title: Research on Security of Software Defining Network
Article ID: 1673-629X(2018)04-0128-05
Author(s): WANG Yue, LYU Guang-hong, CAO Yong
Affiliation: School of Computer, Sichuan University, Chengdu 610065, China
Keywords: software defined network; OpenFlow; security threat; SDN security
Classification number: TP393
DOI: 10.3969/j.issn.1673-629X.2018.04.027
Document code: A
Abstract:
With the expansion of networks and the diversification of services, the original network architecture can hardly meet future development requirements, so software defined networking (SDN) has been proposed as a new network architecture. SDN separates the control plane from the data plane, and the centralized management of the control plane simplifies network configuration management, enables flexible deployment and improves network performance. SDN's centralized collection of information can be used to monitor and detect security threats in the network, improving network security. However, along with convenience, SDN also brings new security problems. This paper analyzes network security problems across the SDN layers and interfaces and classifies the existing solutions. It discusses five aspects: enhancing SDN controller security, DoS/DDoS attack defense, flow rule consistency, improving application security, and standardizing the northbound interface. It then draws conclusions and gives an outlook on future work.


Last Update: 2018-06-07