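Research and Application of SDN Northbound Security Issues in a Multi-Controller Environment
Published: 2018-05-31 01:36
Topics: software-defined networking + northbound security; Reference: University of Electronic Science and Technology of China, 2017 master's thesis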
[Abstract]: SDN (software-defined networking) decouples the control plane and the data plane of traditional networks, but some of the threats present in traditional networks still exist in SDN. As network requirements keep diversifying and becoming more individualized, no standardized northbound interface protocol has yet emerged, while applications on the SDN northbound side will gradually become more customized and pay more attention to fine-grained management. Applications often come from third-party vendors, and verifying their security is one of the problems that urgently needs solving. Application authentication, authorization, access control and accountability mechanisms are the main sources of SDN northbound security threats. At the same time, the limited capacity of a controller may create a single point of failure, and the use of multiple controllers has been proposed to address it. In view of the above, this thesis focuses on SDN northbound security issues under multiple controllers, proposes a solution to them, and designs and implements the corresponding architecture. The main research contents are as follows.

First, the thesis surveys the existing research on SDN northbound security and analyzes the main issues of application identity authentication, authorization, permissions and accountability, as well as the single-point-of-failure problem. Next, addressing the existing security problems and the shortcomings of prior work, it puts forward requirements and ideas for improvement, designs a preliminary solution and framework for SDN northbound security, and proposes custom encoding rules used to manage the state of applications and controllers, among other things. It studies the partitioning of permissions, proposes a new, finer-grained and more customized partitioning, and combines it with the custom encoding rules so that it plays a role in fault handling and day-to-day management, giving the new SDN network architecture better convenience and stronger security. Then, it refines the details of the proposed architecture, improves the existing controller, adds auxiliary modules, and designs the details of a proxy controller used to manage the tables related to applications, permissions and controllers. Starting from the controller single-point-of-failure problem, the thesis combines ZooKeeper properties such as eventual consistency with Floodlight to build a multi-controller environment, in which the improved controllers and the proxy controller form a new multi-controller network. In this multi-controller environment, the basic framework is built and implemented, with interfaces reserved in the framework for customizable algorithms, so that extensibility is considered alongside improved security. Finally, the designed security architecture is compared with the original Floodlight controller architecture in terms of functionality, system performance and so on, and a security performance evaluation is made, completing the full design of the SDN northbound security solution.
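[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.0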