期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于密码标识的SDN安全控制转发方法 被引量:5

SDN security control and forwarding method based on cipher identification
下载PDF
导出
摘要 针对软件定义网络(SDN,software defined networking)中匹配域范围有限和缺乏有效的数据来源验证机制问题,提出基于密码标识的SDN安全控制转发方法。首先,根据用户身份、文件属性或业务内容等特征信息生成密码标识,为数据流打上密码标识并用基于密码标识的私钥签名。其次,在其进出网络时验证签名,确保数据的真实性,同时将密码标识设计为转发设备能识别的匹配项,基于密码标识定义网络转发行为,形成基于人、物、业务流等细粒度网络控管能力。最后,通过实验分析验证该方法的有效性。 Aimed at the limited matching fields and the lack of effective data source authentication mechanism in the software defined networking (SDN), a SDN security control forwarding method based on cipher identification was pro-posed. First, the cipher identification was generated according to the user identity, file attributes or business content and other characteristics, and the data stream was marked by the cipher identification and signed with the private key based on the cipher identification. Then, when the data stream entered and left the network, the forwarding device verified its signature to ensure the authenticity of the data. At the same time, the cipher identification was designed as a matching item recognized by the forwarding device, and the network forwarding behavior was defined based on the cipher identi-fication, so a fine-grained network control capability could be formed based on people, things, and business flow. Finally, the validity of the method is verified by experimental analysis.
作者 秦晰 唐国栋 常朝稳
机构地区 信息工程大学三院 郑州信大先进技术研究院
出处 《通信学报》 EI CSCD 北大核心 2018年第2期31-42,共12页 Journal on Communications
基金 国家自然科学基金资助项目(No.61572517)~~
关键词 软件定义网络 密码标识 安全控制转发 流表匹配 software defined networking, cipher identification, security control and forwarding, flow table matching
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献4

二级参考文献106

  • 1Mckeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J. OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 2008,38(2):69-74. [doi: 10.1145/1355734. 1355746]. 被引量:1
  • 2Elliott C. GENI: Opening up new classes of experiments in global networking. IEEE Internet Computing, 2010,14(1):39-42. 被引量:1
  • 3Gavras A, Karila A, Fdida S, May M, Potts M. Future Internet research and experimentation: The FIRE initiative. ACM SIGCOMM Computer Communication Review, 2007,37(3):89-92. [doi: 10.114511273445.1273460]. 被引量:1
  • 4JGN2plus. 2012. http://www.jgn.nict.go.jp/english/index.html. 被引量:1
  • 5SOFIA. 2012. http://fi.ict.ac.cn/research/sofia_overview.htm. 被引量:1
  • 6Yang L, Dantu R, Anderson T, Gopal R. Forwarding and Control Element Separation (ForCES) Framework. RFC 3746, 2004. http://tools.ietf.org/html/rfc3746. 被引量:1
  • 7Greenberg A, Hjalmtysson G, Maltz DA, Myers A, Rexford J, Xie G, Yan H, Zhan J, Zhang H. A clean slate 4D approach to network control and management. ACM SIGCOMM Computer Communication Review, 2005,35(5):41-54. [doi: 10.1145/1096536. 1096541]. 被引量:1
  • 8Caesar M, Caldwell D, Feamster N, Rexford J, Shaikh A, Merwe J. Design and implementation of a routing control platform. In: Proc. of the 2rd USENIX Symp. on Networked Systems Design and Implementation (NSDI). Boston: USENIX Association, 2005. 15-28. 被引量:1
  • 9Casado M, Garfinkel T, Akella A, Freedman MJ, Boneh D, Mckeown N, Shenker S. SANE: A protection architecture for enterprise networks. In: Proc. of the 15th Conf. on USENIX Security Symp. Vancouver: USENIX Association, 2006. 137-151. 被引量:1
  • 10Casado M, Freedman MJ, Pettit J, Luo J, Mckeown N, Shenker S. Ethane: Taking control of the enterprise. In: Proc. of the SIGCOMM 2007. Kyoto: ACM Press, 2007. 1-12. [doi: 10.1145/1282380.1282382]. 被引量:1

共引文献527

同被引文献36

引证文献5

二级引证文献32

通信学报
2018年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部