Abstract
The centralized control plane of Software-Defined Network (SDN) greatly simplifies network management, but it also introduces many security risks. To address the controller's single point of failure, unknown vulnerabilities and backdoors, static configuration and related security problems, a secure SDN architecture based on a Byzantine protocol was proposed: the Byzantine protocol is executed among the controllers, each switching device is managed by a controller view, and control messages are issued only after several controllers have reached a decision on them. Furthermore, dynamics and heterogeneity were introduced into the architecture, breaking the attack chain and strengthening the network's active defense capability; based on a quantification of controller heterogeneity, a two-stage controller-view election algorithm was designed, ensuring both the availability of the network and the security of the controller view. Simulation results show that, compared with the traditional architecture, the proposed architecture is more resistant to attacks.
Source
Journal of Computer Applications (计算机应用), indexed in CSCD and the Peking University Core Journal list
2017, No. 8, pp. 2281-2286 (6 pages)
Funding
National High Technology Research and Development Program of China (863 Program) (2015AA016102)
National Natural Science Foundation of China (61521003, 61372121)
National Key Research and Development Program of China (2016YFB0800100)
Keywords
dynamics
heterogeneity
Byzantine Fault-Tolerance (BFT)
Software Defined Network (SDN)
anti-attack capability