| 异构容错控制平面的安全性分析 |
| |
| 作者姓名: | 吴奇 陈鸿昶 陈福才 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心,河南 郑州 450001 |
| |
| 基金项目: | 国家重点研发计划资金资助项目(2016YFB0800101);国家自然科学创新群体基金资助项目(61521003) |
| |
| 摘 要: | 随着软件定义网络的大规模应用,软件定义网络的安全性显得愈发重要。基于异构思想的容错控制平面作为一种重要的防御思路,近年来越来越引起研究者的注意。但是现有容错控制平面的研究中忽视了异构原件中的同构漏洞问题,这大大降低了容错控制架构对软件定义网络的安全收益。从异构原件中的同构漏洞出发,首先分析了同构漏洞对控制平面的安全影响,然后以此为基础对容错控制平面的容忍能力进行量化,构造出一个最大化容忍能力的控制平面布局方法。实验仿真证明了所提方法可以有效降低控制平面的故障概率,攻击者在对基于所提方法构造的控制平面进行攻击时,需要花费更多的攻击成本才可以瘫痪控制平面。
|
| 关 键 词: | 软件定义网络 同构漏洞 异构控制器 容忍能力 |
Security analysis in heterogeneous fault-tolerant control plane |
| |
| Authors: | Qi WU Hongchang CHEN Fucai CHEN |
| |
| Affiliation: | National Digital Switching System Engineering and Technological R&D Center,Zhengzhou 450001,China |
| |
| Abstract: | With the large-scale application of software-defined networks,the security of software-defined networks becomes more and more important.As an important defense idea,the fault-tolerant control plane based on heterogeneity has attracted more and more researchers' attention in recent years.However,the existing researches ignore the problem of common vulnerability in heterogeneous variants,which greatly reduces the security benefits of the fault-tolerant control architecture for software-defined networks.Addressing this problem,the common vulnerability was taken in heterogeneous variants into considerations.First,the tolerance capability of the fault-tolerant control plane was quantified.Then a control plane deployment method was constructed which was able to maximize the tolerance capability.The simulations show that the proposed method can effectively reduce the failure probability of the control plane.When the attackers attack the control plane constructed based on the proposed method,they pay more attack cost to compromise the control plane. |
| |
| Keywords: | software-defined network common vulnerability heterogeneous variant tolerance capability |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
