Design And Implementation Of Network Security Isolation In Virtual And Physical Interconnection Environment

Posted on: 2020-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: R Xiao
Full Text: PDF
GTID: 2428330602451384
Subject: Engineering
Abstract/Summary:
With the rapid development of computer technology and network technology, the network has become an important infrastructure in many people's lives. The Internet has brought great convenience to people in all walks of life, and it has also brought serious network security problems. In addition, cyberspace has become the fifth space after the sea, land, air, and space. Once its security is threatened, it will bring serious harm to individuals, enterprises, the military, and even the country. In response to these problems, the community began to conduct in-depth research on cyberspace confrontation and network attack and defense technologies. At the same time, because the cyber range can reproduce real network attack scenarios and host network attack and defense exercises, it has become a research hotspot in the field of information security.

The cyber range is a test platform that combines a virtual environment with real devices to simulate the real attack and defense environment of cyberspace, supporting research on network combat capability and verification of offensive and defensive equipment. In order to provide accurate simulation capabilities, the cyber range is built in a virtual and physical interconnection network environment, that is, virtual resources and physical resources need to be accessed at the same time. In this special scenario, how to design a virtual and physical interconnection network topology, solve the network isolation problem of multi-tenant multi-tasking, and then secure the network are problems that need to be solved during the construction of the cyber range. Aiming at these problems, this paper constructs a network isolation scheme suitable for the virtual and physical interconnection environment and a security isolation reinforcement scheme for SDN networks. Specifically, this paper mainly does the following work:

Firstly, aiming at the network isolation problem of multi-tenant multi-task in the virtual and physical interconnection environment, this paper combines the SDN idea of separating forwarding from control with network isolation technology to design the network topology for the virtual and physical interconnection environment in detail, and then constructs a network isolation scheme for that environment.

Secondly, based on the network isolation scheme for the virtual and physical interconnection environment, a task-based virtual and physical isolation cloud service system is designed. The system provides virtual and physical resource cloud services for tenants, while providing task-based security isolation of virtual and physical resources. The system is introduced in full through a description of its structural design and functional flow design.

Thirdly, this paper proposes a novel network attack, called the NH attack, which can obtain the user's network privileges without the user or the SDN network being aware of it, even if network isolation technology is used. To defend against this attack, this paper constructs a network isolation reinforcement scheme for SDN networks. The solution protects against network isolation attacks and other spoofing attacks by leveraging SDN's global and programmatic control of the network, while building upon IEEE 802.1x and encryption.

Finally, the task-based virtual and physical isolation cloud service system and the network isolation reinforcement scheme for SDN networks are implemented and described. At the same time, the evaluation and testing of the above system and scheme are completed. The results show that the system and scheme realize the designed functions and have relatively low computational and communication overhead.
Keywords/Search Tags:virtual and physical interconnection, network isolation, security reinforcement, SDN