Solution for Rule Conflict under Distributed SDN Controller System

doi:10.3969/j.issn.1671-1122.2014.09.002

Abstract

Abstract: The distributed SDN controller system has become the research focus, but the distributed architecture also introduces new security challenges, one of which is how to efficiently detect and reconcile the potential conflicting flow rules imposed by dynamic applications. By researching the conflict solution strategy FortNox with SDN single controller, in this paper we propose one kind of conflict resolution mechanism for the distributed SDN controller system. The scheme extends FortNox into distributed system, and adds controller rule conflict resolution mechanism based on end-to-end path and adds the bootstrap process of new controller so as to determine the conflict of flow rules in the distributed system. Our simulations show that it can not only check flow rule conflict in real time under distributed system, but is also effective to stop adversarial application inserting flow rules to bypass the security flow rules.

Key words: SDN, rule conflict, distributed SDN controller system

WANG Xin, GAO Neng, MA Cun-qing, XUE Cong. Solution for Rule Conflict under Distributed SDN Controller System[J]. 信息网络安全, 2014, 14(9): 6-6.

[1]	SHI Xiangquan, TAO Jing, ZHAO Baokang. A Network Access Control System in Virtualized Environments [J]. Netinfo Security, 2019, 19(10): 1-9.
[2]	LAI Chengzhe, WANG Wenjuan. Secure Mobility Management Framework with Privacy Preservation for Vehicle Platoon [J]. 信息网络安全, 2018, 18(7): 36-46.
[3]	DONG Qinghe, HE Qian, JIANG Bingcheng, LIU Peng. Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection [J]. 信息网络安全, 2018, 18(7): 60-68.
[4]	ZHU Weijun, FAN Yongwen, BAN Shaohuan. A Mimic-automaton-based Model for the MSISDN Virtualization and Its Method for Verifying the Security [J]. 信息网络安全, 2018, 18(4): 15-22.
[5]	WEI Zhanzhen, WANG Shourong, LI Zhaobin, LI Weilong. Research on SDN Terminal Access Control Based on OpenFlow [J]. 信息网络安全, 2018, 18(4): 23-31.
[6]	LI Jianfeng, LIU Yuan, ZHANG Hao, WANG Xiaofeng. Research and Implementation of Routing Performance Optimization for IaaS Cloud Platform [J]. 信息网络安全, 2017, 17(9): 10-15.
[7]	MEN Hong, YAO Shunli. Research on a Framework Based on Virtual Cloud Network for Monitoring Safe Production [J]. 信息网络安全, 2017, 17(3): 14-20.
[8]	XU Yang, CHEN Yi, HE Rui, XIE Xiaoyao. Research of DDoS Detection and Multi-layer Defense in SDN [J]. 信息网络安全, 2017, 17(12): 22-28.
[9]	LIANG Haoming, CHEN Chunlin, LIU Xi, LIU Zhipeng. Design and Research on Malicious Web Sites Prevention Model Based on OpenFlow [J]. 信息网络安全, 2017, 17(1): 77-83.
[10]	QI Yu. Research on the Security of SDN [J]. 信息网络安全, 2016, 16(9): 69-72.
[11]	CHEN Yingcong, CHEN Guangqing, CHEN Zhiming, WAN Neng. A Binary Code Analysis of Vulnerability Scanning Method for SDN Smart Power Grid [J]. 信息网络安全, 2016, 16(7): 35-39.
[12]	WU Zehui, WEI Qiang. A Secure Fault Recovery Approach Using OwnShip-Proof Model for Controller Cluster of Software Defined Networks [J]. 信息网络安全, 2016, 16(12): 13-18.
[13]	WANG Gang. Research on Multi-zone Secure Cloud Computing Fabrics Based on SDN Technology [J]. 信息网络安全, 2015, 15(9): 20-24.
[14]	XUE Cong, MA Cun-qing, LIU Zong-bin, ZHANG Qing-long. Design of Secure SDN Controller Architecture [J]. 信息网络安全, 2014, 14(9): 34-38.
[15]	. Research on Cloud Computing, SDN and Security Technology [J]. , 2013, 13(10): 0-0.

Solution for Rule Conflict under Distributed SDN Controller System

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments