
Design And Implementation Of Northbound Interface Safety Assurance System Based On Zero Trust

Posted on: 2024-03-26
Degree: Master
Type: Thesis
Country: China
Candidate: J J Zhang
GTID: 2568306944963079
Subject: Computer technology
Abstract/Summary:
Software Defined Networking (SDN) provides a high degree of flexibility and programmability by decoupling the data plane, control plane, and application plane of the network, but it also brings new security risks. Current security work on SDN focuses mainly on the control plane and data plane, and there is little research on the security of the application plane and the northbound interface. The open design of the SDN northbound interface means there is no unified interface specification, which makes it difficult to authenticate, authorize, and apply access control to applications. As a result, the northbound interface faces security risks such as application identity forgery, illegal access, and information tampering. For this reason, this thesis studies security assurance mechanisms for the SDN northbound interface. Based on the concept of zero trust security architecture, a northbound interface security assurance system is designed and implemented using technologies such as the certificateless public key mechanism and blockchain.

(1) To address application identity management for the northbound interface, an application identity management framework based on blockchain and certificateless public keys is proposed. Blockchain is used to provide trust endorsement for application identities and for records of application identity registration changes, and the certificateless public key mechanism is used for identity registration and authentication of applications.

(2) To address the application trust problem, an application trust evaluation model based on multi-dimensional feature fusion is designed. The model fully considers the many ways in which application behavior affects the SDN network, and evaluates the application trust value in real time and comprehensively, based on access request characteristics, flow rule characteristics, and network status characteristics.

(3) To address access control for the northbound interface, a dynamic access control mechanism based on application trust evaluation is designed. Access to the northbound interface is proxied, and a dynamic access control policy decision is made on each access request based on the trust evaluation result of the application.

(4) A prototype system for northbound interface security based on zero trust was designed and developed, and a testing environment was established. Functional and performance tests were conducted on the system. The results show that the system can solve the problems currently faced by northbound interfaces, such as identity forgery, malicious requests, and illegal access, with a latency impact of less than 20% on the query interfaces, which make up the largest proportion.
Keywords/Search Tags:zero trust, blockchain, certificateless public key mechanism, trust evaluation, access control