Journal of Software: 2016, 27(4): 969-992

(Laboratory of Information and Network Security, School of Electronic and Information Engineering, Beihang University, Beijing 100191, China)
Software Defined Networking:Security Model, Threats and Mechanism
WANG Meng-Meng,LIU Jian-Wei,CHEN Jie,MAO Jian,MAO Ke-Fei
(Laboratory of Information and Network Security, School of Electronic and Information Engineering, Beihang University, Beijing 100191, China)
Received:May 18, 2015    Revised:August 17, 2015
Abstract (translated from the Chinese): Software defined networking (SDN) realizes, in a preliminary form, the idea of separating the network control plane from the data plane. However, while it provides a high degree of openness and programmability, the network itself also faces many security problems, which limit the large-scale deployment and application of SDN in many scenarios. This paper first analyzes the SDN architecture and its security model. Second, it analyzes and summarizes the typical security threats and security problems in SDN from two perspectives: "typical security problems specific and non-specific to SDN" and "security threats faced by each SDN layer and interface". It then discusses the main approaches to existing SDN security problems and their latest research progress from six aspects: the development of secure SDN controllers, the development and deployment of composable security module libraries for controllers, defense methods against DoS/DDoS attacks on controllers, legality and consistency checking of flow rules, the security of the northbound interface, and application security. Finally, it briefly analyzes standardization work on SDN security and looks ahead to future research trends in SDN security.
Abstract: Software defined networking (SDN) facilitates rapid and open innovation by decoupling the control plane from the data plane, thus enabling a high degree of openness and programmability in network protocols and applications. However, the dynamism of programmable networks also introduces new security challenges, which limit the large-scale application of SDN in many settings. This paper presents a comprehensive survey on the security of SDN. First, the SDN architecture and the security model of SDN are reviewed. Next, typical security threats and security issues of SDN are summarized and classified from the following two aspects: SDN-specific and non-specific threats, and the security issues associated with each layer and interface of the SDN framework. Then an in-depth analysis is provided of the latest developments in how to build a secure and dependable SDN from the following six aspects: building a secure SDN controller or network operating system, modular composable security services for SDN, DoS/DDoS flooding attack prevention and detection for SDN controllers, conflict resolution and consistency checking for flow rules in SDN, the security of the northbound application programming interface (API), and the security of applications in SDN. Finally, a brief analysis of the standardization work on SDN security is provided, along with a discussion of future research trends in building a more secure SDN.
Foundation items: National Key Basic Research Program of China (973) (2012CB315905); National Natural Science Foundation of China (61272501, 61402029, 61370190)
