SDFAC：软件定义的流接入控制机制

doi:10.11959/j.issn.1000-436x.2015299

Abstract

Abstract:

The software defined networking paradigm decouples control plane from data plane,offering flexible centralized control and fine grain flow management.Based on these advantages,a novel software defined access control mechanism SDFAC was proposed.Firstly,an analysis of the access control model was given from the flow granularity,and the precondition for the fine-grained access control was deduced from the model.Secondly,the framework and basic working process of the SDFAC was described.The flow authentication protocol was designed to support the function of SDFAC.Finally,the experiment results prove the feasibility and availability of SDFAC.

Key words: access control mechanism, software defined networking, flow authentication protocol, OpenFlow, security

Xiu-lei WANG,Guo-min ZHANG,Chao HU,Ming CHEN,Xiang-lin WEI. SDFAC:software defined flow access control mechanism[J]. Journal on Communications, 2015, 36(Z1): 188-196.

Figures/Tables 10

References 16

[1]	SANDHU R S , COYNE E J , FEINSTEIN H L , et al. Role-based access control models[J]. IEEE Computer, 1996,29(2): 38-47.
[2]	DANGOVAS V , KULIESIUS F . SDN-driven authentication and access control system[J]. Society of Digital Information ＆ Wireless Communication, 2014.
[3]	AHMAD I , NAMAL S , YLIANTTILA M , et al. Security in software defined networks:a survey[J]. IEEE Communications Survey ＆ Tutorials, 2015,99: 1-30.
[4]	YOON C H , PARK T J , LEE S G , et al. Enabling security functions with SDN:a feasibility study[J]. Computer Networks, 2015,(85): 19-35.
[5]	HU Z Y , WANG M G , YAN X Q , et al. A comprehensive security architecture for SDN[A]. Proceedings of the 18th International Conference on Intelligence in Next Generation Networks[C]. Paris,France, 2015. 30-37.
[6]	KERPEZ K J , CIOFFI J M , GINIS G , et al. Software-defined access networks[J]. IEEE Communication Magazine, 2014,52(9): 152-159.
[7]	MATIAS J , GARAY J , MENDIOLA A , et al. Flow NAC:flow-based network access control[A]. Proceedings of 2014 3rd European Workshop on Software Defined Networks[C]. Budapest, 2014. 79-84.
[8]	IEEE Std.802.1X-2010,Port-Based Network Access Control,[EB/OL]. .
[9]	Trusted computing group. trusted network connect architecture for Interoperability,specification version 1.5[EB/OL]. , 2012.
[10]	CHAKRABORTY S , RAY I . TrustBAC-integrating trust relationships into the RBAC model for access control in open system[A]. Proceedings of the 11th ACM symposium on Access control models and technologies[C]. New York,USA, 2006. 49-58.
[11]	CASADO M , GARFINKEL T , AKELLA A , et al. SANE:a protection architecture for enterprise networks[A]. Proceedings of USENIX Security Symposium[C]. 2006. 1-12.
[12]	CASADO M , FREEDMAN M J , PETTIT J , et al. Ethane:taking control of the enterprise[J]. ACM SIGCOMM Computer Communication Review, 2007,37(4): 1-12.
[13]	ZHENG R B , YANG W L , ZHOU J . Future access architecture:software-defined access networking[A]. Proceedings of IEEE the 11th Consumer Communications and Networking Conference[C]. Las Vegas,NV, 2014. 881-886.
[14]	KLAEDTKE F , KARAME G O , BIFULCO R , et al. Towards an access control scheme for accessing flow in SDN[A]. Proceedings of the 1st IEEE Conference on Network Softwarization[C]. London, 2015. 1-6.
[15]	MCKEOWN N , ANDERSON T , BALAKRISHNAN H , et al. Openflow:enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008 38: 69-74.
[16]	MAZIERES D , KAMINSKY M , KAASHOEK M F , et al. Separating key management from file system security[J]. ACM SIGOPS Operating System Review, 1999,33(5): 124-139.

Metrics

Recommended 0

No Suggested Reading articles found!

SDFAC:software defined flow access control mechanism

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN. Intelligent planning method for cyber defense strategies based on bounded rationality [J]. Journal on Communications, 2023, 44(5): 52-63.
[3]	Yuancheng LI, Yongtai QIN. Deep reinforcement learning based algorithm for real-time QoS optimization of software-defined security middle platform [J]. Journal on Communications, 2023, 44(5): 181-192.
[4]	Renchao XIE, Wen WEN, Qinqin TANG, Yunlong LIU, Gaochang XIE, Tao HUANG. Survey on rail transit mobile edge computing network security [J]. Journal on Communications, 2023, 44(4): 201-215.
[5]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[6]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[7]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[8]	Caixia LIU, Xinsheng JI, Jiangxing WU. Endogenous security common problems and solutions of the mobile communication networks [J]. Journal on Communications, 2022, 43(9): 70-79.
[9]	Runhua SHI, Hui YU, Weiyang KE, Xiaotong XU. Quantum anonymous one-vote veto protocol based on BB84 states [J]. Journal on Communications, 2022, 43(8): 109-120.
[10]	Weiyu CHEN, Junshan LUO, Fanggang WANG, Haiyang DING, Shilian WANG, Guojiang XIA. Survey of capacity limits and implementation techniques in wireless covert communication [J]. Journal on Communications, 2022, 43(8): 203-218.
[11]	Yuanbo GUO, Yongfei LI, Qingli CHEN, Chen FANG, Yangyang HU. Fusion of Focal Loss’s cyber threat intelligence entity extraction [J]. Journal on Communications, 2022, 43(7): 85-92.
[12]	Hongbin LUO, Shan ZHANG, Zhiyuan WANG. Architecture and mechanisms for secure and efficient internetworking of heterogeneous network [J]. Journal on Communications, 2022, 43(4): 36-49.
[13]	Huanhuan LIAN, Huiying HOU, Yunlei ZHAO. Post-quantum verifier-based three-party password authenticated key exchange protocol [J]. Journal on Communications, 2022, 43(4): 95-106.
[14]	Yu ZHANG, Xiongwen ZHAO, Xiaoqing WANG, Suiyan GENG, Peng QIN, Zhenyu ZHOU. Robust resource allocation algorithm for multicarrier NOMA security communication system [J]. Journal on Communications, 2022, 43(3): 42-52.
[15]	Hongyu YANG, Haihang YUAN, Liang ZHANG. Host security assessment method based on attack graph [J]. Journal on Communications, 2022, 43(2): 89-99.