Research And Application Of SDN Northbound Security Problems In Multi-controller Environments

SDN(Software Defined Network)decouples the control plane and data plane in the traditional network,but some of the threats in the traditional network still exist in the SDN.With the continuous and personalized diversification of network demand,at the same time,there's no standard protocols of the northbound interface.Applications on the SDN northbound will gradually become personalized,and pay more attention to detail management.Applications often come from the third-party vendors.For the applications,security research is one of the urgent problems to be solved.Authentication,authorization,access control and accountability mechanism of the application are the main components of the SDN northbound security threats.While the controller capacity constraints may lead to a single point of failure,in order to solve this,we use the multi-controller environment.As to what had been said above,this thesis focuses on the security problems of SDN northbound in a multi-controller environment,and puts forward a set of solutions to SDN northbound security problems,and designs and implements the corresponding architecture.The main contents are as follows:Firstly,this thesis studies the current situation of SDN's security problems in the northbound,and analyzes the identity,authorization,authority,accountability and single point of failure and some other main application problems.Then,according to the existing security problems and where the previous research is not perfect,this thesis puts forward the demand and improvement,and designs a primary SDN Northbound security solutions and framework;and then it proposes custom coding rules for the management of applications and also the status of the controllers.After researching the division of authority,this thesis puts forward a new and more detailed and more personalized division,and together with the custom coding rules,the solution works during fault handling and daily management,and all this provides better convenience and stronger security to the new SDN network architecture.Then,it completes and improves the structure in the details,such as to improve the existing controller,to add assist modules;design the details of the agent controller specific for the management of forms of the application,permissions,and controllers.Then,starting from solving the single point failure problem of the controller,the combination of the final consistency of zookeeper and floodlight is used to construct a multi-controller environment,and form a new multi-controller network by using the improved controller and proxy controller.In the multi-controller network environment,it builds the basic framework,and the relevant algorithm interface in the framework has been set out to be customized.This solution improves the SDN northbound security and at the same time considers the scalability.Finally,this thesis compares the function and security of the design of the security architecture and floodlight controller initial architecture,makes security assessment,and completes all the designs of the SDN northbound security solution.