高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

一种软件定义网络的安全服务链动态组合机制

熊钢 胡宇翔 段通 兰巨龙

downloadPDF
文章导航 > 电子与信息学报  > 2016 >  38(5): 1234-1241
熊钢, 胡宇翔, 段通, 兰巨龙. 一种软件定义网络的安全服务链动态组合机制[J]. 电子与信息学报, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
引用本文: 熊钢, 胡宇翔, 段通, 兰巨龙. 一种软件定义网络的安全服务链动态组合机制[J]. 电子与信息学报, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
shu
XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
Citation: XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
shu

一种软件定义网络的安全服务链动态组合机制

doi: 10.11999/JEIT150876
基金项目: 

国家重点基础研究发展计划(2012CB315901, 2013CB329104),国家自然科学基金(61309019, 61372121),国家高技术研究发展计划(2013AA013505)

A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking

Funds: 

The National Basic Research Program of China (2012CB315901, 2013CB329104), The National Natural Science Foundation of China (61309019, 61372121), The National High Technology Research and Development Program of China (2013AA013505)

    摘要
  • 摘要: 网络安全功能与硬件设备的紧耦合关系,造成传统网络安全服务模式静态僵化,难以满足未来业务发展的多样化安全需求。为此,基于软件定义网络环境,该文提出一种灵活可配的安全服务链动态组合机制。首先,介绍了该机制的总体结构,并建立了基于向量空间和整数规划的组合模型。其次,设计了启发式算法进行模型求解,并构建了该机制的实现原型。最后,实验结果表明所提组合算法在性能指标上优于对比算法,并且试验验证了该机制的优势。
    Abstract: The close relationship between the network security function and the hardware devices causes the static rigidity of the traditional security service mode, which is difficult to meet the various security requirement of future network business development. Based on the features of the Software Defined Networking (SDN), a dynamic composition mechanism is proposed for the Composable Security Service Chain (CSSC). First, the overall framework is introduced, and a mathematical model about the composition problem is established by the vector space and integer programming. Then, a heuristic algorithm is designed for solving the model, and the prototype is achieved in SDN environment. Finally, the results of the experiments show that the proposed algorithm outperforms the compared ones, and the advantage of the CSSC is validated by the simulation.
    • HTML全文
    • 参考文献(26)
  • 兰巨龙, 程东年, 胡宇翔. 可重构信息通信基础网络体系研究
    [J]. 通信学报, 2014, 35(1): 64-76. doi: 10.3969/j.issn. 1000- 436x.2014.01.015.
    LAN J L, CHENG D N, and HU Y X. Research on reconfigurable information communication basal network architecture[J]. Journal on Communications, 2014, 35(1): 64-76. doi: 10.3969/j.issn.1000-436x.2014.01.015.
    PAUL S, PAN J L, and JAIN R. Architectures for the future networks and next generation internet: a survey[J]. Computer Communications, 2011, 34(1): 2-42. doi: 10.1016/j.comcom. 2010.08.001.
    黄韬, 刘江, 霍如, 等. 未来网络体系架构研究综述[J]. 通信学报, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.
    HUANG T, LIU J, HUO R, et al. Survey of research on future network architectures[J]. Journal on Communications, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.
    张宏科, 罗洪斌. 智慧协同网络体系基础研究[J]. 电子学报, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn.0372-2112. 2013.07.001.
    ZHANG H K and LUO H B. Fundamental research on theories of smart and cooperative network[J]. Acta Electronica Sinica, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn. 0372-2112. 2013.07.001.
    MCKEOWN N, ANDERSON T, BALAKRISHAN H, et al. OpenFlow: Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69-74. doi: 10.1145/1355734.1355746.
    左青云, 陈鸣, 赵广松, 等. 基于OpenFlow的SDN技术研究[J]. 软件学报, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.
    ZUO Q Y, CHEN M, ZHAO G S, et al. Research on OpenFlow-based SDN technologies[J]. Journal of Software, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.
    周烨, 杨旭, 李勇, 等. 基于分类的软件定义网络流表更新一致性方案[J]. 电子与信息学报, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.
    ZHOU Y, YANG X, LI Y, et al. Classification based consistent flow update scheme in software defined network[J]. Journal of Electronics Information Technology, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.
    CHIOSI M, CLARKE D, WILLIS P, et al. Network functions virtualization-introductory white paper[R]. SDN and OpenFlow World Congress, Germany, 2012.
    SHIN S, PORRAS P, YEGNESWARAN V, et al. FRESCO: modular composable security services for software-defined networks[C]. Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2013: 1-16.
    QAZI Z, TU C C, and CHIANG L. SIMPLE-fying middlebox policy enforcement using SDN[C]. Proceedings of the ACM SIGCOMM13, Hong Kong, China, 2013: 27-38.
    LEE W, CHOI Y H, and KIM N. Study on virtual service chain for secure software defined networking[J]. Advanced Science and Technology Letters, 2013, 29(13): 177-180.
    GUSHCHIN A, WALID A, and TANG A. Scalable routing in SDN-enabled networks with consolidated middleboxes[C]. Proceedings of the HotMiddlebox15, London, United Kingdom, 2015: 55-60.
    CHENG G Z, CHEN H C, CHEN S Q, et al. How to make network nodes adaptive?[J]. IEEE Communications Letters, 2014, 18(3): 515-518. doi: 10.1109/LCOMM.2014.011714. 132622.
    AARON G J, RAAJAY V, CHAITHAN P, et al. OpenNF: enabling innovation in network function control[C]. Proceedings of the ACM SIGCOMM14, Chicago, IL, USA, 2014: 163-174.
    ISO7498-2. Information processing systems-open systems interconnection basic reference model-part 2: security architecture[S]. British Standard, 1989.
    陈杰, 刘建伟, 王蒙蒙, 等. 基于安全基片的可重构网络安全管控机制[J]. 电信科学, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.
    CHEN J, LIU J W, WANG M M, et al. Security substrate based security management and control mechanism of reconfigurable network[J]. Telecommunications Science, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.
    MOORE R. Global optimization to prescribed accuracy[J]. Computers Mathematics with Applications, 1991, 21(6/7): 2539. doi: 10.1016/0898-1221(91)90158-Z.
    Gibb G. NetFPGA-10G project [OL]. https://github.com/ NetFPGA/NetFPGA-public/wiki, 2014.
    GEBERT S, PRIES R, SCHLOSSER D, et al. Internet access traffic measurement and analysis[J]. LNCS, 2012, 7189: 2942. doi: 10.1007/978-3-642-28534-9_3.
    • 相关文章
    • 施引文献
  • 资源附件(0)
  • 加载中
计量
  • 文章访问数:  1520
  • HTML全文浏览量:  157
  • PDF下载量:  611
  • 被引次数: 0
出版历程
  • 收稿日期:  2015-07-21
  • 修回日期:  2015-12-18
  • 刊出日期:  2016-05-19

目录

    /

    返回文章
    返回

    Copyright © 2018《电子与信息学报》编辑部 京ICP备20021838号-8

    中国科学院电子学研究所,北京市2702信箱,邮编:100190

    电话:010-58887066传真:021-64253812Email:jeit@mail.ie.ac.cn

    本系统由 北京仁和汇智信息技术有限公司 开发    百度统计