A Trust Management Framework For SDN Applications Based On Trusted Data Collection

Posted on: 2019-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: Z Yao
GTID: 2428330572951505
Subject: Information security
Abstract/Summary:
With the rapid development of Internet technology, traditional networks are becoming out of date. Because switching devices integrate control functions and forwarding functions, traditional networks have many defects, such as low utilization of network resources, long deployment time for new network functions, and complicated network maintenance and management. These defects make it hard for traditional networks to meet the requirements of emerging technologies such as cloud computing, and a new type of network structure is urgently needed. Software Defined Network (SDN) was proposed in this context. The technology revolution led by SDN has been widely recognized by both academia and industry, and SDN has become one of the core technologies of 5G communications. The core design idea of SDN is to decouple the forwarding functions from the control functions of switching equipment in traditional networks and to centralize the control logic, which can greatly simplify network management. In addition, SDN's programmable nature makes it easy to write network applications through the Application Programming Interface (API) to optimize the network and expand network functions conveniently.

The new features of SDN greatly reduce network maintenance costs and improve the scalability of network functions, but they also bring new security risks. Cyber security is highly regarded today, and these security issues must be resolved to ensure the rapid development and deployment of SDN. This thesis focuses on the security issues of SDN applications. Existing security issues of SDN applications include the following: SDN controllers lack authentication and authorization mechanisms for applications, controllers cannot determine by themselves whether an application is trusted, and flow rule conflicts exist between applications.

To solve these security issues, we proposed a management framework for SDN applications based on trusted data collection. It can dynamically evaluate applications' trust values based on their impact on the network, and manage applications based on the trust values to solve flow rule conflicts between applications. In particular, SDN controllers can determine an application's quality based on its trust value and choose the flow rules of the application with the higher trust value when there are conflicts among multiple applications. In this framework, the trust evaluation of applications is mainly based on network performance data collected by network performance probes. To ensure the authenticity of these data and improve the quality of the trust evaluation, we introduced a trust sustainment and control protocol based on Trusted Computing Platform (TCP) into the framework. This protocol can ensure that network performance probes collect the required data according to the settings of the trust management framework. In addition, we designed a flow rule conflict detection method based on a Bloom Filter. This method can quickly detect flow rule conflicts among applications, and is suitable for detecting conflicts between a large number of flow rules.

To test the performance of our framework, we built an SDN platform and developed a prototype system of the trust management framework on the simulated platform. After the prototype system was developed, we designed several load-balancing SDN applications with different performance. Through the trust evaluation results and application management in the prototype system, we tested the accuracy of trust evaluation and the efficiency of the system. We then compared our system's performance with some existing related works. In addition, we tested the efficiency of the designed flow rule conflict detection method when detecting conflicts between a large number of flow rules. The performance evaluation results show the accuracy and efficiency of our framework.
Keywords/Search Tags:Software Defined Network, Application Trust Management, Trust Evaluation, Trusted Computing Platform, Flow Rule Conflicts Detection