Study On Dynamic Construction Technology Of Virtualization Security Service Based On Software Defined Network

Posted on: 2018-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Wang
GTID: 2348330512479358
Subject: Electronic Science and Technology
Abstract/Summary:
Software Defined Network (SDN) is a new network architecture that can flexibly meet current network requirements. The current SDN architecture is based on decoupling the control plane from the data plane. This architecture exposes SDN to traditional network security threats as well as to the special security threats that arise from the centralization of the control plane. Because of the programmability of SDN and network function virtualization, the security of SDN can be protected by virtualization security services. This thesis focuses on how to dynamically construct SDN virtualization security services so as to achieve SDN security protection. It carries out research on the following three aspects:

(1) To address the security threats that SDN faces, this thesis analyzes the requirements of SDN security and proposes a novel security service protection architecture. A security service orchestration center is designed in the control plane of SDN. This center can be physically decoupled from the SDN controller and handle security tasks independently.

(2) To realize the security service protection architecture, this thesis describes the security service orchestration center and builds a security meta-function library by decomposing the categories of security service. In particular, this thesis designs a dynamic security service construction algorithm based on WEB service composition. The algorithm involves two composition methods, WorkFlow composition and Rule composition, to meet the needs of different users.

(3) Because service composition with the Rule composition algorithm is slow, this thesis proposes an optimized dynamic security service construction algorithm that imitates the RETE algorithm. In detail, the rules in Rule composition are compiled into a RETE network, which saves time by storing intermediate states and sharing state nodes. In this way the user's waiting time is reduced and the user experience is improved.

In this thesis, the network environment of SDN security services is built on the OpenStack platform. The SDN security service is constructed to verify the effectiveness of the system. The composition times of the two composition methods are evaluated at different user scales, and the factors influencing Rule composition are discussed as well. The results indicate that, by applying the optimized algorithm, SDN protection can be achieved in terms of both function and performance.
Keywords/Search Tags:SDN security, WEB service composition, OpenStack platform, RETE algorithm