摘要
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
Software-Defined Networking(SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the "three-layer two-interface" architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module,application isolation, DoS/DDoS defense,multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
基金
supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)
National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)