Netinfo Security (信息网络安全), 2018, Vol. 18, Issue (1): 15-22. doi: 10.3969/j.issn.1671-1122.2018.01.003

An Enhanced Security Framework of Software Defined Network Based on Attribute-based Encryption

Yue SHI1, Xianglong LI2, Fangfang DAI1

  1. China Academy of Information and Communications Technology, Beijing 100191, China
  2. Chifeng Public Security Bureau Network Security Defend Detachment, Chifeng, Inner Mongolia 024000, China
  • Received: 2017-11-10 Online: 2018-01-20 Published: 2020-05-11
  • About the authors:

    Yue SHI (born 1987), male, from Beijing, intermediate engineer, Ph.D.; main research interest: virtualized network security. Xianglong LI (born 1977), male, from Inner Mongolia, bachelor's degree; main research interest: electronic evidence forensics. Fangfang DAI (born 1989), female, from Jiangxi, intermediate engineer, Ph.D.; main research interests: network security standards, technology, and policy and regulation.

  • Supported by:
    National High Technology Research and Development Program of China (863 Program) [2015AA016106]; National Natural Science Foundation of China [61471129]

Abstract:

With the development of information networks, cloud computing, big data and virtualization technologies are driving the continual emergence of new network applications to meet the needs of various Internet services. Software defined network (SDN) is a novel network architecture that separates the control plane from the data forwarding plane, so that a software platform in a centralized controller controls the underlying hardware and network resources can be flexibly allocated on demand. As SDN has been developed and applied, its open architecture has exposed more and more security problems, and how to build a secure SDN has become a focus of industry attention. Based on the SDN architecture and the characteristics of each SDN layer, this paper analyzes the security threats facing the application layer, control layer, resource layer and interface layer. To address these threats, the paper presents the security protection capabilities that each SDN layer should have, forming a complete SDN security framework, and, based on attribute-based encryption, proposes a fine-grained access control strategy that provides enhanced security.

Key words: software defined network, security threats, fine-grained access control

CLC number: