高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

一种软件定义网络的安全服务链动态组合机制

熊钢 胡宇翔 段通 兰巨龙

熊钢, 胡宇翔, 段通, 兰巨龙. 一种软件定义网络的安全服务链动态组合机制[J]. 电子与信息学报, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
引用本文: 熊钢, 胡宇翔, 段通, 兰巨龙. 一种软件定义网络的安全服务链动态组合机制[J]. 电子与信息学报, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876
Citation: XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology, 2016, 38(5): 1234-1241. doi: 10.11999/JEIT150876

一种软件定义网络的安全服务链动态组合机制

doi: 10.11999/JEIT150876
基金项目: 

国家重点基础研究发展计划(2012CB315901, 2013CB329104),国家自然科学基金(61309019, 61372121),国家高技术研究发展计划(2013AA013505)

A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking

Funds: 

The National Basic Research Program of China (2012CB315901, 2013CB329104), The National Natural Science Foundation of China (61309019, 61372121), The National High Technology Research and Development Program of China (2013AA013505)

  • 摘要: 网络安全功能与硬件设备的紧耦合关系,造成传统网络安全服务模式静态僵化,难以满足未来业务发展的多样化安全需求。为此,基于软件定义网络环境,该文提出一种灵活可配的安全服务链动态组合机制。首先,介绍了该机制的总体结构,并建立了基于向量空间和整数规划的组合模型。其次,设计了启发式算法进行模型求解,并构建了该机制的实现原型。最后,实验结果表明所提组合算法在性能指标上优于对比算法,并且试验验证了该机制的优势。
  • 兰巨龙, 程东年, 胡宇翔. 可重构信息通信基础网络体系研究
    [J]. 通信学报, 2014, 35(1): 64-76. doi: 10.3969/j.issn. 1000- 436x.2014.01.015.
    LAN J L, CHENG D N, and HU Y X. Research on reconfigurable information communication basal network architecture[J]. Journal on Communications, 2014, 35(1): 64-76. doi: 10.3969/j.issn.1000-436x.2014.01.015.
    PAUL S, PAN J L, and JAIN R. Architectures for the future networks and next generation internet: a survey[J]. Computer Communications, 2011, 34(1): 2-42. doi: 10.1016/j.comcom. 2010.08.001.
    黄韬, 刘江, 霍如, 等. 未来网络体系架构研究综述[J]. 通信学报, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.
    HUANG T, LIU J, HUO R, et al. Survey of research on future network architectures[J]. Journal on Communications, 2014, 35(8): 184-197. doi: 10.3969/j.issn.1000-436x. 2014.08.023.
    张宏科, 罗洪斌. 智慧协同网络体系基础研究[J]. 电子学报, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn.0372-2112. 2013.07.001.
    ZHANG H K and LUO H B. Fundamental research on theories of smart and cooperative network[J]. Acta Electronica Sinica, 2013, 41(7): 1249-1255. doi: 10.3969/j.issn. 0372-2112. 2013.07.001.
    MCKEOWN N, ANDERSON T, BALAKRISHAN H, et al. OpenFlow: Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69-74. doi: 10.1145/1355734.1355746.
    左青云, 陈鸣, 赵广松, 等. 基于OpenFlow的SDN技术研究[J]. 软件学报, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.
    ZUO Q Y, CHEN M, ZHAO G S, et al. Research on OpenFlow-based SDN technologies[J]. Journal of Software, 2013, 24(5): 1078-1097. doi: 10.3724/SP.J. 1001.2013.04390.
    周烨, 杨旭, 李勇, 等. 基于分类的软件定义网络流表更新一致性方案[J]. 电子与信息学报, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.
    ZHOU Y, YANG X, LI Y, et al. Classification based consistent flow update scheme in software defined network[J]. Journal of Electronics Information Technology, 2013, 35(7): 1746-1752. doi: 10.3724/SP.J.1146.2012.01431.
    CHIOSI M, CLARKE D, WILLIS P, et al. Network functions virtualization-introductory white paper[R]. SDN and OpenFlow World Congress, Germany, 2012.
    SHIN S, PORRAS P, YEGNESWARAN V, et al. FRESCO: modular composable security services for software-defined networks[C]. Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2013: 1-16.
    QAZI Z, TU C C, and CHIANG L. SIMPLE-fying middlebox policy enforcement using SDN[C]. Proceedings of the ACM SIGCOMM13, Hong Kong, China, 2013: 27-38.
    LEE W, CHOI Y H, and KIM N. Study on virtual service chain for secure software defined networking[J]. Advanced Science and Technology Letters, 2013, 29(13): 177-180.
    GUSHCHIN A, WALID A, and TANG A. Scalable routing in SDN-enabled networks with consolidated middleboxes[C]. Proceedings of the HotMiddlebox15, London, United Kingdom, 2015: 55-60.
    CHENG G Z, CHEN H C, CHEN S Q, et al. How to make network nodes adaptive?[J]. IEEE Communications Letters, 2014, 18(3): 515-518. doi: 10.1109/LCOMM.2014.011714. 132622.
    AARON G J, RAAJAY V, CHAITHAN P, et al. OpenNF: enabling innovation in network function control[C]. Proceedings of the ACM SIGCOMM14, Chicago, IL, USA, 2014: 163-174.
    ISO7498-2. Information processing systems-open systems interconnection basic reference model-part 2: security architecture[S]. British Standard, 1989.
    陈杰, 刘建伟, 王蒙蒙, 等. 基于安全基片的可重构网络安全管控机制[J]. 电信科学, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.
    CHEN J, LIU J W, WANG M M, et al. Security substrate based security management and control mechanism of reconfigurable network[J]. Telecommunications Science, 2014, 30(7): 19-25. doi: 10.3969/ j.issn.1000-0801.2014.07.004.
    MOORE R. Global optimization to prescribed accuracy[J]. Computers Mathematics with Applications, 1991, 21(6/7): 2539. doi: 10.1016/0898-1221(91)90158-Z.
    Gibb G. NetFPGA-10G project [OL]. https://github.com/ NetFPGA/NetFPGA-public/wiki, 2014.
    GEBERT S, PRIES R, SCHLOSSER D, et al. Internet access traffic measurement and analysis[J]. LNCS, 2012, 7189: 2942. doi: 10.1007/978-3-642-28534-9_3.
  • 加载中
计量
  • 文章访问数:  1578
  • HTML全文浏览量:  172
  • PDF下载量:  611
  • 被引次数: 0
出版历程
  • 收稿日期:  2015-07-21
  • 修回日期:  2015-12-18
  • 刊出日期:  2016-05-19

目录

    /

    返回文章
    返回