Key Techniques Of SDN Secure Communication Architecture

Posted on: 2017-09-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
GTID: 2348330485484721
Subject: Software engineering
Abstract/Summary:
The rapid development of cloud computing, the mobile Internet, networking and other technologies has brought a new round of IT change, creating an urgent need for network management that is scalable, easy to manage and secure. The concept of SDN (Software Defined Network), which separates the control plane from the data plane, has shown unique advantages for solving this problem, but its security problems have hindered its application and development.

This thesis analyzes the features and weaknesses of the SDN architecture. To address the missing authentication among devices, applications and controllers within the SDN architecture, an “SDN secure communication architecture” is put forward. An application isolation solution is given in combination with the new architecture, and a new idea, “network evolution”, is also presented. In short, the new architecture greatly enhances the flexibility of SDN security implementation. The main contents of the thesis are as follows:

First, legitimacy of the network entities. The security of the SDN architecture is analyzed and the characteristics of SDN are summarized. On the basis of these studies, a dynamic identity authentication scheme is put forward and applied to the SDN North/South interfaces, to solve the problem of identity authentication between controller and switch, or between controller and application.

Second, deployment of multiple controllers. The single controller is the original prototype of the SDN network architecture. In this case, the control layer is vulnerable to cyber attacks, which leads to a single point of failure and compromises the whole network. To solve this problem, we studied and drew on previous research, then put forward a proxy mechanism in which a proxy is in charge of managing the controllers. The proxy distributes switches to different controllers according to its configuration. In this way, it reduces the possibility of whole-network paralysis. This scheme also provides a new angle for research on multiple controllers.

Third, the identification and classification of network applications. Network applications are to the SDN controller what thought is to the brain: their security is crucial and is related to the network's overall safety. The “SDN secure communication architecture” can manage application permissions. It isolates different applications into different controllers' permission domains, making the application layer more secure and flexible. Different categories of application are located in different controllers' permission domains, and their access abilities are restricted to the controller's permission domain. For example, suppose applications are divided into two kinds: business applications and security applications. Security applications should be assigned to the security controller's domain, and their permissions must be higher than those of business applications. The SDN secure communication architecture can satisfy these application management requirements, giving network applications more flexibility and, at the same time, more security.

Finally, three implementation plans using the “SDN secure communication architecture” are shown, and the concept of “network evolution” is explained.
Keywords/Search Tags: Software-defined networks, security architecture, authentication