A Survey: Typical Security Issues of Software-Defined Networking 被引量：12

A Survey: Typical Security Issues of Software-Defined Networking

下载PDF

导出

摘要 Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed. Software-Defined Networking(SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the "three-layer two-interface" architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module,application isolation, DoS/DDoS defense,multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.

作者 Yifan Liu Bo Zhao Pengyuan Zhao Peiru Fan Hui Liu

机构地区 Key Laboratory of Aerospace Information Security and Trusted Computing School of Cyber Security and Computer

出处《China Communications》 SCIE CSCD 2019年第7期13-31,共19页 中国通信（英文版）

基金 supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295) National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)

关键词 software-defined NETWORKING network SECURITY global SECURITY SECURITY THREAT software-defined networking network security global security security threat

分类号 TN [电子电信]

引文网络
相关文献

参考文献11

1Shuo WANG,Jiao ZHANG,Tao HUANG,Jiang LIU,Yun-jie LIU,F. Richard YU.FlowTrace： measuring round-trip time and tracing path in software-defined networking with low communication overhead[J].Frontiers of Information Technology & Electronic Engineering,2017,18(2):206-219. 被引量：2
2Tao Hu,Peng Yi,Jianhui Zhang,Julong Lan.Reliable and Load Balance-Aware Multi-Controller Deployment in SDN[J].China Communications,2018,15(11):184-198. 被引量：7
3Zeinab Zali,Massoud Reza Hashemi,Ilaria Cianci,Alfredo Grieco,Gennaro Boggia.A Controller-Based Architecture for Information Centric Network Construction and Topology management[J].China Communications,2018,15(7):131-145. 被引量：3
4赵波,张焕国,李晶,陈璐,文松.可信PDA计算平台系统结构与安全机制[J].计算机学报,2010,33(1):82-92. 被引量：49
5石志凯,朱国胜.软件定义网络安全研究[J].计算机应用,2017,37(A01):75-79. 被引量：5
6Ahmed Farouk,J. Batle,M. Elhoseny,Mosayeb Naseri,Muzaffar Lone,Alex Fedorov,Majid Alkhambashi,Syed Hassan Ahmed,M. Abdel-Aty.Robust general N User authentication scheme in a centralized quantum communication network via generalized G HZ states[J].Frontiers of physics,2018,13(2):13-30. 被引量：4
7Lu Ma,Xiangming Wen,Luhan Wang,Zhaoming Lu,Raymond Knopp.An SDN/NFV Based Framework for Management and Deployment of Service Based 5G Core Network[J].China Communications,2018,15(10):86-98. 被引量：22
8冯淼淼,徐展琦,汪春霆,张亚生,肖永伟.基于SDN的卫星网络及南向接口协议扩展[J].无线电通信技术,2017,43(5):19-23. 被引量：1
9张朝昆,崔勇,唐翯翯,吴建平.软件定义网络(SDN)研究进展[J].软件学报,2015,26(1):62-81. 被引量：433
10王涛,陈鸿昶,程国振.软件定义网络及安全防御技术研究[J].通信学报,2017,38(11):133-160. 被引量：32

二级参考文献147

1杨涛,陈福接,沈昌祥.一个安全操作系统S-UNIX的研究与设计[J].计算机学报,1993,16(6):409-415. 被引量：4
2高亭,闫凤利,王志玺.A Simultaneous Quantum Secure Direct Communication Scheme between the Central Party and Other M Parties[J].Chinese Physics Letters,2005,22(10):2473-2476. 被引量：13
3毛健,周玉洁.可信平台芯片的一种硬件攻击防范设计[J].信息技术,2006,30(6):27-29. 被引量：2
4郑宇,何大可,何明星.基于可信计算的移动终端用户认证方案[J].计算机学报,2006,29(8):1255-1264. 被引量：40
5孙勇,陈伟,杨义先.嵌入式系统的可信计算[J].信息安全与通信保密,2006,28(9):50-52. 被引量：10
6张焕国,罗捷,金刚,朱智强,余发江,严飞.可信计算研究进展[J].武汉大学学报（理学版）,2006,52(5):513-518. 被引量：114
7陈志平,雷航,杨霞,李欢.嵌入式安全操作系统的研究和实现[J].计算机工程,2007,33(1):83-85. 被引量：10
8胡中庭,韩臻.操作系统安全可信链的研究与实现[J].信息安全与通信保密,2007,29(2):47-49. 被引量：6
9SHEN ChangXiang,ZHANG HuangGuo,FENG DengGuo,CAO ZhenFu,HUANG JiWu.Survey of information security[J].Science in China(Series F),2007,50(3):273-298. 被引量：39
10Cisco.Cisco Visual Networking Index:Forecast and Methodology,2013-2018.2013.

共引文献599

1张雯雯,许天予,章玥,郑孝遥.SDN数据平面软件一致性测试用例生成方法[J].软件学报,2020(9):2709-2722. 被引量：2
2廖钟,杨杰.策论软件定义网络及安全技术[J].计算机产品与流通,2020,0(2):26-26. 被引量：1
3朱凌云,庄玉娟.神经网络算法在SDN环境下的流量预测研究[J].网络安全技术与应用,2020,0(3):43-45. 被引量：2
4张慧磊,洪涛,陈家焱.基于Android平台的漆包线线径质量监测系统设计[J].科技通报,2020,36(9):47-52.
5冯玮,吴玉芹,孙浩航.SDN与机器学习联合防御DDOS攻击方案研究[J].哈尔滨师范大学自然科学学报,2022,38(6):54-61.
6张路一.基于SDN架构浅谈空管运维新趋势[J].信息通信,2019,32(12):141-142. 被引量：1
7庞双龙,陈晓丹,曾德生,邵翠.云计算环境下基于SDN的数据中心网络架构研究[J].电子技术（上海）,2020(8):31-33. 被引量：4
8王志强.移动互联网时代高等院校校园网建设思路探索——以山东工艺美术学院校园网建设为例[J].电子元器件与信息技术,2022,6(9):208-212. 被引量：2
9下期要目预告[J].电信快报（网络与通信）,2020,0(1):8-8.
10郎为民,马卫国,张寅,安海燕.软件定义网络安全平台研究[J].电信快报（网络与通信）,2020,0(1):2-8. 被引量：8

同被引文献66

1左青云,陈鸣,赵广松,邢长友,张国敏,蒋培成.基于OpenFlow的SDN技术研究[J].软件学报,2013,24(5):1078-1097. 被引量：420
2周烨,杨旭,李勇,苏厉,金德鹏,曾烈光.基于分类的软件定义网络流表更新一致性方案[J].电子与信息学报,2013,35(7):1746-1752. 被引量：17
3刘中金,李勇,苏厉,金德鹏,曾烈光.TCAM存储高效的OpenFlow多级流表映射机制[J].清华大学学报（自然科学版）,2014,54(4):437-442. 被引量：17
4程适,王锐,伍国华,郭一楠,马连博,史玉回.群体智能优化算法[J].郑州大学学报（工学版）,2018,39(6):1-2. 被引量：16
5XIA Jing,CAI Zhiping,HU Gang,XU Ming.An Active Defense Solution for ARP Spoofing in OpenFlow Network[J].Chinese Journal of Electronics,2019,28(1):172-178. 被引量：7
6汤可宗,李慧颖,李娟,罗立民.一种求解复杂优化问题的改进粒子群优化算法[J].南京理工大学学报,2015,39(4):386-391. 被引量：12
7马丁,庄雷,兰巨龙.基于离散粒子群优化的多目标服务路径构建算法[J].通信学报,2017,38(2):94-105. 被引量：5
8刘洲洲,李士宁.基于网络覆盖和多目标离散群集蜘蛛算法的多移动agent规划[J].通信学报,2017,38(6):1-9. 被引量：5
9周亚东,陈凯悦,冷俊园,胡成臣.软件定义网络流表溢出脆弱性分析及防御方法[J].西安交通大学学报,2017,51(10):53-58. 被引量：4
10王涛,陈鸿昶,程国振.软件定义网络及安全防御技术研究[J].通信学报,2017,38(11):133-160. 被引量：32

引证文献12

1金杉,金志刚,李根.一种抗御SYN Flood攻击的采样信息路由评价选择方法[J].信息网络安全,2019(12):22-28.
2刘振鹏,李明,王鑫鹏,任少松,李小菲.基于时序与集合的SDN流表更新策略[J].河北大学学报（自然科学版）,2020,40(4):427-432. 被引量：1
3刘振鹏,王鑫鹏,李明,任少松,李小菲.基于时延和负载均衡的多控制器部署策略[J].郑州大学学报（工学版）,2021,42(3):19-25. 被引量：4
4Liang Jin,Xiaoyan Hu,Yangming Lou,Zhou Zhong,Xiaoli Sun,Huiming Wang,Jiangxing Wu.Introduction to Wireless Endogenous Security and Safety:Problems, Attributes, Structures and Functions[J].China Communications,2021,18(9):88-99. 被引量：10
5刘振鹏,张庆文,李泽园,刘嘉航,董姝慧,赵永刚.软件定义网络中基于贝叶斯ARTMAP的DDoS攻击检测模型[J].河北大学学报（自然科学版）,2021,41(6):728-733. 被引量：7
6唐鑫,徐彦彦,潘少明,宋方振.基于SDN架构的垂直切换算法[J].计算机工程与设计,2022,43(5):1201-1206.
7张艳,杨喜敏,唐菀,刘艳萍,刘宇宸.基于区块链的SDN数据平面错误流规则检测[J].中南民族大学学报（自然科学版）,2022,41(4):467-474. 被引量：2
8刘振鹏,张庆文,李明,李泽园,李小菲.基于蚁群优化算法的SDN路由策略[J].昆明理工大学学报（自然科学版）,2022,47(3):60-66. 被引量：2
9刘振鹏,王仕磊,郭超,陈杰,李小菲.软件定义网络中基于深度神经网络的DDoS攻击检测[J].云南大学学报（自然科学版）,2022,44(4):729-735. 被引量：7
10黄万伟,郑向雨,张超钦,王苏南,张校辉.基于深度强化学习的智能路由技术研究[J].郑州大学学报（工学版）,2023,44(1):44-51. 被引量：2

二级引证文献37

1姚富强,朱勇刚,孙艺夫,郭文龙.无线通信“N+1维”内生抗干扰理论与技术[J].Security and Safety,2023,2(3):29-43.
2金梁,胡晓言,邬江兴.从完美保密到完美安全:基于密码学的内生安全分析[J].Security and Safety,2023,2(3):4-19.
3梁巍,周策,钟政杰.基于粒子群优化的SDN网络多控制器均衡部署算法[J].自动化与仪器仪表,2022(5):53-56. 被引量：5
4金梁,孙小丽,钟州,许晓明,陈如翰,张剑,邬江兴.无线通信发展范式与RIS的赋能作用[J].中兴通讯技术,2022,28(3):3-12. 被引量：1
5诸葛斌,王林超,宋杨,邵瑜,董黎刚,蒋献.基于LSTM流量预测的路由规划和切换[J].电信科学,2022,38(8):86-100. 被引量：1
6原迪.软件定义数据中心网络中自适应路由技术[J].电子产品世界,2022,29(9):74-76. 被引量：2
7刘彩霞,季新生,邬江兴.移动通信网的内生安全共性问题及破解之道[J].通信学报,2022,43(9):70-79. 被引量：3
8万颖,钱克昌,邢鹏.基于SDN的天地一体化网络控制器部署方法综述[J].计算机测量与控制,2022,30(11):1-10. 被引量：2
9黄万伟,郑向雨,张超钦,王苏南,张校辉.基于深度强化学习的智能路由技术研究[J].郑州大学学报（工学版）,2023,44(1):44-51. 被引量：2
10Xinsheng JI,Jiangxing WU,Liang JIN,Kaizhi HUANG,Yajun CHEN,Xiaoli SUN,Wei YOU,Shumin HUO,Jing YANG.Discussion on a new paradigm of endogenous security towards 6G networks[J].Frontiers of Information Technology & Electronic Engineering,2022,23(10):1421-1450. 被引量：2

1Tao Hu,Peng Yi,Jianhui Zhang,Julong Lan.Reliable and Load Balance-Aware Multi-Controller Deployment in SDN[J].China Communications,2018,15(11):184-198. 被引量：7
2WANG Yangyang,BI Jun.Survey of Mechanisms for Inter-Domain SDN[J].ZTE Communications,2017,15(3):8-12.
3CHEN Yan,WEN Xitao,LENG Xue,YANG Bo,Li Erran Li,ZHENG Peng,HU Chengchen.Optimization Framework for Minimizing Rule Update Latency in SDN Switches[J].ZTE Communications,2018,16(4):15-29. 被引量：1
4BAI Jiasong,ZHANG Menghao,BI Jun.Survey of Attacks and Countermeasures for SDN[J].ZTE Communications,2018,16(4):3-8.
5尹然然.基于凸优化的未来网络资源分配策略[J].西安文理学院学报（自然科学版）,2018,21(4):50-53. 被引量：1
6史久根,邾伟,贾坤荥,徐颖.软件定义网络中基于负载均衡的多控制器部署算法[J].电子与信息学报,2018,40(2):455-461. 被引量：21
7郝鹏宇,唐华俊,陈仲新,牛铮.基于历史增强型植被指数时序的农作物类型早期识别[J].农业工程学报,2018,34(13):179-186. 被引量：18
8Future Networked Car Symposium[J].China Standardization,2019,84(1):61-61.
9Chao Qi,Jiangxing Wu,Guozhen Cheng,Jianjian Ai,Shuo Zhao.An Aware-Scheduling Security Architecture with Priority-Equal Multi-Controller for SDN[J].China Communications,2017,14(9):144-154. 被引量：4
10Rustam Khuramov.New Political Dynamism in Central Asia:Security Issues and Prospects for Regional Cooperation[J].Contemporary International Relations,2019,29(2):97-104. 被引量：1

China Communications

2019年第7期

浏览历史

内容加载中请稍等...