Journal on Communications ›› 2017, Vol. 38 ›› Issue (11): 133-160. doi: 10.11959/j.issn.1000-436x.2017221

• Review •

Research on software-defined network and the security defense technology

Tao WANG, Hong-chang CHEN, Guo-zhen CHENG

  1. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450003, China
  • Revised: 2017-09-21 Online: 2017-11-01 Published: 2017-12-13
  • About the authors: Tao WANG (1993-), male, born in Linqu, Shandong, is a Ph.D. candidate at the National Digital Switching System Engineering and Technological Research Center; his main research interests include new network architectures and network security. | Hong-chang CHEN (1964-), male, born in Xinmi, Henan, Ph.D., is a professor and doctoral supervisor at the National Digital Switching System Engineering and Technological Research Center; his main research interests include new network architectures, network security and big data technology. | Guo-zhen CHENG (1986-), male, born in Dingtao, Shandong, Ph.D., is an assistant researcher at the National Digital Switching System Engineering and Technological Research Center; his main research interests include new network architectures and network security.
  • Supported by:
    The National Natural Science Foundation of China (61521003); The National Natural Science Foundation of China (61602509); The National Key Research and Development Program of China (2016YFB0800100); The National Key Research and Development Program of China (2016YFB0800101)

Abstract:

Software-defined networking (SDN) separates the traditional network control plane from the forwarding plane, forms a centralized controller, and opens up the network programming interface, which simplifies network management, promotes network innovation and optimizes network operation. However, SDN's "three-layer, two-interface" architecture increases the network attack surface, resulting in many new security issues. First, the development, characteristics and working principle of SDN are introduced; the existing security problems are then summarized at five levels (the application layer, the northbound interface, the control layer, the southbound interface and the data layer) and their causes are analyzed. Second, the latest research progress and existing solutions for each class of security problem are discussed. Finally, current and future SDN security challenges are summarized, and future directions for SDN security are outlined.

Key words: SDN, OpenFlow, network security, SDN security

CLC number:

  • TP309