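Software Defined Networking: Security Model, Mechanisms, and Research Progress
Cite this article: WANG Meng-Meng, LIU Jian-Wei, CHEN Jie, MAO Jian, MAO Ke-Fei. Software Defined Networking: Security Model, Mechanisms, and Research Progress [J]. Journal of Software, 2016, 27(4): 969-992.
Authors: WANG Meng-Meng, LIU Jian-Wei, CHEN Jie, MAO Jian, MAO Ke-Fei
Affiliation (all authors): Laboratory of Information and Network Security, School of Electronic and Information Engineering, Beihang University, Beijing 100191
Funding: National Key Basic Research Program of China (973 Program) (2012CB315905); National Natural Science Foundation of China (61272501, 61402029, 61370190)
Abstract: Software defined networking (SDN) is a first realization of the idea of separating the network control plane from the data plane. However, while it provides a high degree of openness and programmability, the network itself faces many security problems, which limits the large-scale deployment and application of SDN in many scenarios. This paper first analyzes the architecture and security model of SDN. Second, it analyzes and summarizes the typical security threats and security problems in SDN from two perspectives: "typical security problems that are specific or not specific to SDN" and "security threats faced by each SDN layer and interface". It then discusses the main approaches to existing SDN security problems and their latest research progress from six aspects: development of secure SDN controllers, development and deployment of composable security module libraries for controllers, methods for defending controllers against DoS/DDoS attacks, legitimacy and consistency checking of flow rules, security of the northbound interface, and application security. Finally, it briefly analyzes the standardization work on SDN security and looks ahead to future research trends in SDN security.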

Keywords: software defined networking; OpenFlow; security model; security threats; controller security; northbound interface security protocol
Received: 2015/5/18
Revised: 2015/8/17

Software Defined Networking: Security Model, Threats and Mechanism
WANG Meng-Meng, LIU Jian-Wei, CHEN Jie, MAO Jian and MAO Ke-Fei. Software Defined Networking: Security Model, Threats and Mechanism [J]. Journal of Software, 2016, 27(4): 969-992.
Authors: WANG Meng-Meng, LIU Jian-Wei, CHEN Jie, MAO Jian and MAO Ke-Fei
Affiliation (all authors): Laboratory of Information and Network Security, School of Electronic and Information Engineering, BeiHang University, Beijing 100191, China
Abstract: Software defined networking (SDN) facilitates rapid and open innovation by decoupling the control plane from the data plane, thus enabling a high degree of openness and programmability in network protocols and applications. However, the dynamism of programmable networks also introduces new security challenges, which limit the large-scale application of SDN in many places. In this paper, we present a comprehensive survey on the security of SDN. We start by abstracting the SDN architecture and the security model of SDN. Next, typical security threats and security issues of SDN are summarized and classified from the following two aspects: SDN specific and non-specific threats, and the security issues associated with the SDN framework. Then we provide an in-depth analysis of the latest developments in how to build a secure and dependable SDN from the following six aspects: building a secure SDN controller or network operating system, the modular composable security services for SDN, DoS/DDoS flooding attack prevention and detection for SDN controllers, conflict resolutions and consistency resolutions for flow rules in SDN, the security of the northbound Application Programming Interface (API), and the security of applications in SDN. Finally, we give a brief analysis of the standardization work on SDN security, and conclude this survey paper with future research trends in building a more secure SDN.
Keywords: Software Defined Networking; OpenFlow; Security Model; Security Threats; Controller Security; Security Protocol of Northbound Application Programming Interface
This article is indexed in CNKI and other databases.