本文選題：軟件定義網(wǎng)絡(luò)　切入點(diǎn)：虛擬化　出處：《小型微型計(jì)算機(jī)系統(tǒng)》2013年10期 　論文類型：期刊論文

【摘要】：軟件定義網(wǎng)絡(luò)SDN(Software Defined Networking)的軟件編程特性和開放性帶來很多新的安全挑戰(zhàn),也給網(wǎng)絡(luò)安全帶來了挑戰(zhàn)和機(jī)遇.本文提出了兩種演進(jìn)的SDN網(wǎng)絡(luò)安全架構(gòu):虛擬化安全設(shè)備(Virtualized Security Appliance)和軟件定義安全(Software Defined Security),給出了兩種架構(gòu)的建設(shè)要點(diǎn),并以常規(guī)網(wǎng)絡(luò)入侵、拒絕服務(wù)攻擊和高級持續(xù)威脅等三類典型攻擊場景分析了相應(yīng)的工作原理,以防火墻為例演示了兩種架構(gòu)下的實(shí)現(xiàn),測試表明兩種結(jié)構(gòu)在云計(jì)算中心環(huán)境中性能上是可行的,并且SDN數(shù)據(jù)和控制分離的特性使防火墻可用更少的代碼實(shí)現(xiàn).
[Abstract]:The software programming features and openness of the software definition network SDN(Software Defined networking presents many new security challenges, It also brings challenges and opportunities to network security. This paper proposes two evolving SDN network security architectures: virtualized Security application and software definition security Defined security. Three typical attack scenarios, such as denial of service attack and advanced persistent threat, are analyzed in this paper. Taking firewall as an example, the implementation of the two architectures is demonstrated. The test results show that the performance of the two architectures is feasible in the central environment of cloud computing. And the separation of SDN data and control allows firewalls to be implemented with less code.
【作者單位】： 北京郵電大學(xué)信息通信學(xué)院網(wǎng)絡(luò)體系構(gòu)建與融合北京市重點(diǎn)實(shí)驗(yàn)室;綠盟科技研究院;
【基金】：國家重大專項(xiàng)項(xiàng)目(2012ZX03005008-001)資助 北京市經(jīng)濟(jì)和信息化委員會現(xiàn)代服務(wù)業(yè)專項(xiàng)資金撥款項(xiàng)目資助
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 左青云;陳鳴;趙廣松;邢長友;張國敏;蔣培成;;基于OpenFlow的SDN技術(shù)研究[J];軟件學(xué)報(bào);2013年05期

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 秦q，

本文編號：1649781