VSA和SDS:两种SDN网络安全架构的研究

发布时间：2018-03-22 18:06

本文选题：软件定义网络　切入点：虚拟化　出处：《小型微型计算机系统》2013年10期 　论文类型：期刊论文

【摘要】：软件定义网络SDN(Software Defined Networking)的软件编程特性和开放性带来很多新的安全挑战,也给网络安全带来了挑战和机遇.本文提出了两种演进的SDN网络安全架构:虚拟化安全设备(Virtualized Security Appliance)和软件定义安全(Software Defined Security),给出了两种架构的建设要点,并以常规网络入侵、拒绝服务攻击和高级持续威胁等三类典型攻击场景分析了相应的工作原理,以防火墙为例演示了两种架构下的实现,测试表明两种结构在云计算中心环境中性能上是可行的,并且SDN数据和控制分离的特性使防火墙可用更少的代码实现.
[Abstract]:The software programming features and openness of the software definition network SDN(Software Defined networking presents many new security challenges, It also brings challenges and opportunities to network security. This paper proposes two evolving SDN network security architectures: virtualized Security application and software definition security Defined security. Three typical attack scenarios, such as denial of service attack and advanced persistent threat, are analyzed in this paper. Taking firewall as an example, the implementation of the two architectures is demonstrated. The test results show that the performance of the two architectures is feasible in the central environment of cloud computing. And the separation of SDN data and control allows firewalls to be implemented with less code.
【作者单位】：北京邮电大学信息通信学院网络体系构建与融合北京市重点实验室;绿盟科技研究院;
【基金】：国家重大专项项目(2012ZX03005008-001)资助北京市经济和信息化委员会现代服务业专项资金拨款项目资助
【分类号】：TP393.08

【参考文献】