Research On RBAC Authority Management Of SDN Controller

SDN(Software Definded Network,software-defined network)is a new type of network innovation architecture.It is one of the ways to implement network virtualization.The emergence of SDN enables the separation of the network equipment control layer and the forwarding layer.Thus,the SDN controller enables flexible control of network traffic.Make network management more convenient and intelligent.The SDN controller is the core of the SDN network.It controls the entire network and involves a large number of physical and virtual network resources.In order to achieve isolation between resources and ensure information security,SDN uses tenants as the quarantine unit of network resources,so that resources in different tenants are prohibited from accessing each other.As the brain of the entire network,SDN must have its own rights management system to deal with complex resource rights management and user diversification.However,the traditional RBAC model does not have the tenant concept and cannot manage intra-tenant resources and non-tenant resources in the SDN controller separately.In addition,SDN controllers require more fine-grained authorization management of more resources than typical enterprise-level applications.This article combines the specific features of the SDN controller and does some in-depth research on the access control in the SDN controller.(1)Combining the Apache Shiro framework and token authentication,I did research on this authentication and authorization of current mainstream SDN controller,which is Java language developed and uses OSGi modular framework and RESTful API.Then I designed the SDN controller certification process.(2)I analyzed and researched the traditional RBAC model.Based on the tenant characteristics of SDN controller,I designed an improved RBAC model T-RBAC to support tenants.The new model adds tenant elements to the traditional model.Resources and tenants are associated together to form resources within a tenant.The relationship between users and roles increases the tenant elements as a condition,so that the model can complete the allocation of various resources.(3)For the SDN controller,I analyzed the application of the improved RBAC model in the SDN,detailed analysis and design of the RBAC model in the SDN control of the embodiment of the elements,for the SDN controller WEB page and REST API,I design two sets of different fine-grained access rules.(4)Finally,it was implemented and tested on the SDN controller-VCF control platform,verifying that the improved RBAC model has better access control effect in the SDN controller.