摘要
Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.
Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.
