
Research On Software-defined Security Based On SDN Security Controller

Posted on: 2017-08-20 | Degree: Master | Type: Thesis
Country: China | Candidate: P C Chen | Full Text: PDF
GTID: 2348330518994756 | Subject: Signal and information systems
Abstract/Summary:
The rapid development of virtualization and cloud computing technology and the emergence of new network services have created ever higher demands on network capabilities. With the traditional network structure heavily overburdened, SDN technology came into public view. SDN breaks down the traditional hardware-based, closed network structure and rebuilds it with an open ideology. SDN unifies the underlying network devices with open standards and provides a flexible southbound protocol. SDN thus brings great opportunities for network intelligence and manipulability. Given all these factors, network security technology and business have undergone tremendous changes. Software-defined security adapts to these changes, takes advantage of software-defined infrastructure, and attempts a comprehensive, innovative reform of security services. This paper first introduces the background of software-defined security and analyzes the technical characteristics of virtualization, cloud computing and SDN, and the far-reaching impact those technologies have on the computing, networking and security industries. We then discuss the origin of software-defined security thinking, the related work and its achievements, the consensus reached by industry, etc. We also give our opinions on the definition and principles of software-defined security. In this paper we present a specific software-defined security system design and implementation, which is based on SDN and can be integrated with cloud computing platforms. This solution uses a three-layer architecture composed of underlying hardware resource pools, a security controller and the application layer. The principles behind the architecture design are decoupling, central control and open API. The system thus has comprehensive security service capabilities, flexibility and scalability. Implementing this software-defined security system involves a lot of engineering work. We describe how the security controller interacts with the network controller, the necessity of a custom agent, and its functions and model design. In the later part we focus on an important issue: the consistency of network policy implementation. We also designed protection solutions for several specific application scenarios, in which we demonstrate the main workflow and how the different components are involved and cooperate. These solutions demonstrate the automation of the software-defined security system throughout the full process from early warning to analysis, policymaking and policy enforcement. The system also interacts horizontally with the cloud computing platform and the SDN controller. We also conduct two experiments to evaluate the system's feasibility and performance with cases and data, which show that the system does have specific advantages in automation and performance.
Keywords/Search Tags: software-defined network, architecture design, policy consistency