摘要
分布式SDN控制器系统已经成为当下研究热点,但分布式的架构也给SDN带来了许多新的安全挑战,其中一个严峻的挑战就是如何在分布式的架构下有效地检测和解决由动态应用产生的潜在的规则冲突。文章通过对传统单控制器下的规则冲突解决方案FortNox的研究,提出了一种分布式SDN控制器系统下的规则冲突解决方案。该方案通过将FortNox扩展到分布式系统中,并添加基于端到端路径的控制器规则冲突解决机制,同时增加新控制器的自举过程,从而解决分布式系统中的规则冲突。仿真实验结果表明,该方案不但可以在分布式系统中实时检测规则冲突,而且当控制器上的恶意程序试图通过插入规则的方式绕开安全应用的规则时,该方案也可以将其有效阻止。
The distributed SDN controller system has become the research focus, but the distributed architecture also introduces new security challenges, one of which is how to efficiently detect and reconcile the potential conlficting lfow rules imposed by dynamic applications. By researching the conlfict solution strategy FortNox with SDN single controller, in this paper we propose one kind of conflict resolution mechanism for the distributed SDN controller system. The scheme extends FortNox into distributed system, and adds controller rule conlfict resolution mechanism based on end-to-end path and adds the bootstrap process of new controller so as to determine the conlfict of lfow rules in the distributed system. Our simulations show that it can not only check lfow rule conlfict in real time under distributed system, but is also effective to stop adversarial application inserting lfow rules to bypass the security lfow rules.
出处
《信息网络安全》
2014年第9期6-11,共6页
Netinfo Security
基金
国家高技术研究发展计划(863计划)[2013AA01A214]
中国科学院战略性先导科技专项[XDA06010702]
关键词
规则冲突
分布式SDN控制器系统
SDN
SDN
rule conlfict
distributed SDN controller system
