Research on SDN Flow Secure Access Control
Hu Yang, Lei JiaXing
2019
Journal of Physics, Conference Series
To ensure secure access for Software Defined Network (SDN) flows, this paper proposes an SDN terminal access control system, based on an in-depth study of the existing terminal security access solutions for SDN. The system combines traditional terminal access control technology with the new SDN network and mainly implements functions such as user identity authentication, terminal security status assessment, user service authorization, and QoS control.
... y, the system security is analyzed in detail. Network simulation is carried out in Mininet with an RYU controller extended through secondary development, to test the access control function and the communication delay performance. The results show that the SDN flow security access control system has flexible access control security strategies and can detect threats from insecure terminal access in SDN. It not only realizes the identity authentication of users but also ensures the security of the access terminal, thereby realizing access authorization for terminals in different security states.

2. Related work

SDN, driven by the development of cloud computing, is widely used; however, new network security threats also appear in the new SDN architecture. For example, the SDN security threats mentioned in the literature [2-6] include malicious scanning, unauthorized access, and denial of service attacks. Malicious scanning is a preparation for unauthorized access and denial of service attacks, which in turn result in network damage, thus limiting the extensive promotion and deployment of SDN. But due to the complexity of the algorithm, there exists a larger delay, so the promotion and application effects are poor.

With the extension of cloud computing business, the number of network access users is growing, and the network application environment is more and more complex. The reasons for the security problems so far are as follows. On the one hand, the virus library of the access terminal platform has not been updated, and the operating system lacks patches. This allows threats such as network Trojans and ransomware to intrude into the network and spread arbitrarily, causing huge damage. On the other hand, distributed denial of service (DDoS) attacks and similar attacks consume a large amount of server resources and eventually cause the server to crash. Therefore, for SDN network security, an important problem to be solved is how to establish a network access security mechanism that effectively prevents malicious scanning by illegal users and network attack behavior by "legitimate users" whose terminals do not conform to the security strategies.
doi:10.1088/1742-6596/1395/1/012012
fatcat:4e7m5o6h55eedf2pfhjssbv4sa