Abstract: With the rapid growth of network scale and the diversification of network services, the existing network architecture can hardly meet future development needs. Software Defined Network (SDN), an emerging technology, decouples the control plane from the data plane and provides centralized network control and flexible traffic scheduling, which will bring great changes to the communications field. This paper analyses the features of the SDN architecture and the security threats it faces, surveys the current state of research on SDN security technology, and proposes development directions for SDN security technology in three areas: network dynamic defense, software defined monitoring, and enhancement of SDN's own security. These strengthen the security of SDN itself while improving the dynamic scheduling capability of network security resources.
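Basic information:
Chinese Library Classification (CLC) number: TP393.08
Citation information:
[1] SHAO Yanfeng, JIA Zhe. Research on Software Defined Network Security Technology [J]. Radio Engineering, 2016, 46(04): 13-17.
Funding information:
Supported by the National High Technology Research and Development Program of China ("863" Program) (2015AA015701)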
2016-03-18