摘要
SDN控制平面与数据平面分离的体系架构为实现细粒度的流管理以及灵活的中心化控制提供了基础。基于此,提出了一种软件定义的流接入控制机制SDFAC。首先从流的粒度对接入控制进行建模分析,给出了实现细粒度流接入控制所需要满足的条件;其次描述了SDFAC的基本框架和工作原理并设计了一种支持SDFAC功能的流鉴别协议;最后基于原型系统验证了SDFAC的可行性和可用性。
The software defined networking paradigm decouples control plane from data plane, offering flexible centralized control and fine grain flow management. Based on these advantages, a novel software defined access control mechanism SDFAC was proposed. Firstly, an analysis of the access control model was given from the flow granularity, and the precondition for the fine-grained access control was deduced from the model. Secondly, the framework and basic working process of the SDFAC was described. The flow authentication protocol was designed to support the function of SDFAC. Finally, the experiment results prove the feasibility and availability of SDFAC.
出处
《通信学报》
EI
CSCD
北大核心
2015年第S1期188-196,共9页
Journal on Communications
基金
国家重点基础研究发展计划基金资助项目("973"计划)(2012CB315806)
国家自然科学基金资助项目(61379149
61402521)
江苏省自然科学基金资助项目(BK20140070
BK20140068)
江苏省未来网络科技计划项目(BY2013095-1-06)~~
关键词
接入控制机制
软件定义网络
流鉴别协议
OPEN
FLOW
安全
access control mechanism
software defined networking
flow authentication protocol
Open Flow
security
