Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (11): 32-39. doi: 10.11959/j.issn.2096-109x.2018095

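Security analysis in heterogeneous fault-tolerant control plane

Qi WU, Hongchang CHEN, Fucai CHEN

  1. National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450001, China
  • Revised: 2018-10-20 Online: 2018-11-01 Published: 2019-01-03
  • About the authors: Qi WU (born 1991), male, from Xuzhou, Jiangsu, is a PhD candidate at the National Digital Switching System Engineering and Technological R&D Center; his main research interest is network security. | Hongchang CHEN (born 1964), male, from Zhengzhou, Henan, is a researcher and doctoral supervisor at the National Digital Switching System Engineering and Technological R&D Center; his main research interests are network security and big data. | Fucai CHEN (born 1974), male, from Gao'an, Jiangxi, is a researcher and master's supervisor at the National Digital Switching System Engineering and Technological R&D Center; his main research interests are network security and big data.
  • Supported by:
    The National Key R&D Program of China (2016YFB0800101); the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)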

Abstract:

With the large-scale deployment of software-defined networks, their security is becoming increasingly important. Fault-tolerant control planes based on heterogeneity are an important defense approach and have attracted growing attention from researchers in recent years. However, existing research on fault-tolerant control planes ignores the problem of common vulnerabilities in heterogeneous variants, which greatly reduces the security benefit that a fault-tolerant control architecture brings to software-defined networks. Starting from common vulnerabilities in heterogeneous variants, this paper first analyzes the security impact of common vulnerabilities on the control plane, then quantifies the tolerance capability of the fault-tolerant control plane on that basis, and constructs a control plane deployment method that maximizes the tolerance capability. Simulations show that the proposed method effectively reduces the failure probability of the control plane: an attacker targeting a control plane constructed with the proposed method must pay a higher attack cost to paralyze it.

Key words: software-defined network, common vulnerability, heterogeneous variant, tolerance capability
