Research On Web Authentication And Access Control In Software-Defined Networking

With rapid development of cloud computing and big data, traditional networks architecture cannot meet the increasingly rapid growth of Internet business. The core concept of SDN (Software Defined Network) is control and forwarding separation that provide better visibility for global network and centralized control and SDN is more and more concerned in academia and industry, but its security is still a necessary precondition for large scale deployment and implementation of SDN. In this paper, an authentication and fine-grained access control security architecture was proposed combining the OpenFlow-based SDN technology, role-based access control technology and web authentication development technology.Firstly, SDN and access control technology have been researched. For SDN, the SDN architecture based on OpenFlow, including switch, controller and OpenFlow protocol, are first analyzed, and then the Open vSwitch switch and Ryu controller used in this paper are researched. For access control, access control technology based on role is introduced and RBAC96 model is analyzed in detail.Secondly, this paper proposed a Web authentication and access control architecture based on OpenFlow after analyzing the SDN and access control, then various components of the architecture are analyzed and the principles of the flow of data flow and control flow are illustrated in detail, and three network components are also designed and implemented. For Ryu controllers, five core modules was designed and implemented which included PacketIn module, flow entries sent module, redirection, authentication and access control process. For Web authentication, three core modules was designed and implemented detailed which included the database class, authentication module and back office management system. For database server, database table was designed.Finally, a network security framework experimental platform consisting of three components was set up. Functional testing and performance testing was conducted for four different roles of user. Results demonstrate that the security architecture can authenticate the different roles of the user on the same host and fine-grained network access control after authentication, which can be accurate to the network transport protocols.