A Survey: Typical Security Issues of Software-Defined Networking  被引量：12

作　　者：Yifan Liu Bo Zhao Pengyuan Zhao Peiru Fan Hui Liu 

机构地区：[1]Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China [2]School of Cyber Security and Computer, Hebei University, Baoding 071002, China

出　　处：《China Communications》2019年第7期13-31,共19页中国通信（英文版）

基　　金：supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295);National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)

摘　　要：Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.Software-Defined Networking(SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the "three-layer two-interface" architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module,application isolation, DoS/DDoS defense,multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.

关 键 词：software-defined NETWORKING network SECURITY global SECURITY SECURITY THREAT 

分 类 号：TN[电子电信]