| Software-defined networking (SDN) was proposed to solve network rigidity and promote management flexibility. The demand for high-quality service, the application of massive data, and large-scale network formation drive SDN's continuous growth. Distributed SDN controllers are necessary for future large-scale SDN. Currently, in SDN multi-controller deployments, the horizontal architecture, in which controllers interact through an east-west interface and each SDN controller stores all network topology states and related information, is widely adopted. However, designing an inter-domain access control model for SDN controllers in a horizontal architecture presents a number of security issues. To solve the fragile centralized trust problem in access control, a blockchain-based SDN inter-domain access control system framework is designed, incorporating elements of zero-trust theory. On this infrastructure, a blockchain-based distributed SDN identity management model is designed. The SDN controller in the model uses self-sovereign identity to control its own identity information. Moreover, credibility credentials and attribute credentials are designed for SDN controllers and applications, respectively, to ensure the privacy and authenticity of their identities. To solve the problem that current access control models between SDN domains establish trust in an SDN controller once and then treat it as permanent, reputation value attributes are assigned to domain SDN controllers. A reputation value evaluation algorithm based on intra-domain and inter-domain performance data of SDN networks is proposed. An update policy is set up to keep the trustworthiness of the SDN controller, as the access subject, dynamic and current, while considering intra-domain threats present during access. Finally, a blockchain-based cross-domain access control policy and process for SDN controllers are proposed under the framework of the access control system, using the proposed identity management model and dynamic trust evaluation algorithm. This improves the security of SDN controller inter-domain interaction in the horizontal architecture, and the security and effectiveness of the proposed model are demonstrated through theoretical and experimental comparisons with other cross-domain access control models. |