摘要
软件定义网络将数据平面与控制平面解耦,旨在更快地引入网络创新,并从根本上实现大型网络的自动化管理。架构创新带来了挑战与机遇,安全问题限制了软件定义网络的广泛采用。针对数据平面的攻击可能会损毁整个软件定义网络,首先介绍了数据平面结构与发展趋势;然后分析了数据平面安全风险,指出漏洞,确定潜在的攻击场景,并给出2种具体解决方案,讨论其意义与局限性;最后展望未来的安全研究方向。
The software-defined network decouples the data plane from the control plane,aiming to introduce networkinnovation faster and fundamentally automate the management of large networks.Architecture innovationbrings challenges and opportunities.Security issues limit the widespread adoption of software-defined networks.Attacks on the data plane may damage the entire software-defined network.The data plane structure and developmenttrends were introduced,data plane security risks were analyzed,vulnerabilities were pointed out,and potentialattack scenarios were identified.It also presents two specific solutions,discusses the significance and limitations,and looks forward to future security research directions.
作者
郭中孚
张兴明
赵博
王苏南
GUO Zhongfu;ZHANG Xingming;ZHAO Bo;WANG Sunan(National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China;Shenzhen Polytechnic, Shenzhen 518000,China)
出处
《网络与信息安全学报》
2018年第11期1-12,共12页
Chinese Journal of Network and Information Security
基金
高安全等级网络基础设施关键装备核心芯片及软件研发基金资助项目(No.2017ZX01030301)~~
