Research On Access Control Thechnique With Cross Domain Support For SDN Environment

With the development of SDN technology,it has been more and more widely used.Its core idea of decoupling the network control layer and the data layer and its programmable feature brings better convenience and flexibility to network management and control.However,SDN technology still has shortcomings in northbound interface security in applications.In current SDN frameworks and SDN control layer implementations,the northbound interfaces usually lack the ability of access control.Therefore,when the upper layer application is in error or maliciously controlled,it will cause unpredictable harm to the network security.Therefore,there is a need for ability of access control of the SDN northbound interface.At the same time,with the expansion of network scale and the complexity of network management,the use of multi-domain networks has become more and more common for network performance and management considerations.In traditional circumstances,the SDN northbound interface can provide the upper layer user with a global view of the network,and may be beneficial for malicious applications to use the network information for attacking.Therefore,when researching the access control of SDN northbound interface mechanisms,further consideration needs to be given to provide cross-domain access support.This paper works on the field of access control of SDN northbound interfaces.(1)Based on UCON model,a MD-UCON access control model including domain elements and role elements extensions is proposed.(2)A cross-domain role mapping mechanism for MD-UCON is introduced,so that the model can be applied to the access control application of the SDN northbound interface.(3)An access control prototype system suitable for SDN northbound interface is designed and implemented,to verify the above access control access control model and mechanisms.The tests show that MD-UCON and its access control mechanisms satisfied the requirements of access control of SDN northbound interfaces,while providing a good support for cross-domain access.