Vestnik SibGUTI (The Herald of the Siberian State University of Telecommunications and Information Science)

Information security aspects of the SDN architecture

Abstract

OpenFlow is the most widespread protocol of the Software Defined Networking (SDN) architecture, which separates the control functions of network devices from data forwarding. It moves the main control functions from routers and switches to centralized controllers. Thanks to centralized network management and the programmability of the controllers, the SDN architecture has the potential to modernize security tooling and to implement more effective countermeasures against the threats inherent in the traditional data-network architecture. The paper presents an overview of the SDN architecture and the OpenFlow protocol, an analysis of the threats to the SDN architecture and the OpenFlow protocol and of the technologies for neutralizing them; it also identifies the critical threats for those OpenFlow networks that may soon appear in the Russian Federation and proposes ways of countering these threats.

About the authors

A. A. Zakharov
Tyumen State University
Russia

E. F. Popov
Tyumen State University
Russia

M. M. Fuchko
Tyumen State University
Russia



For citation:

Zakharov A.A., Popov E.F., Fuchko M.M. SDN architecture, cyber security aspects. The Herald of the Siberian State University of Telecommunications and Information Science. 2016;(1):83-92. (In Russ.)

Content is available under the Creative Commons Attribution 4.0 License.


ISSN 1998-6920 (Print)