The tight coupling between network security functions and hardware devices makes the traditional security service model static and rigid, so it struggles to meet the varied security requirements of future network business development. Based on the features of Software Defined Networking (SDN), a dynamic composition mechanism is proposed for the Composable Security Service Chain (CSSC). First, the overall framework is introduced, and a mathematical model of the composition problem is established using vector space and integer programming. Then, a heuristic algorithm is designed to solve the model, and a prototype is implemented in an SDN environment. Finally, the experimental results show that the proposed algorithm outperforms the compared ones, and the advantage of the CSSC is validated by simulation.
XIONG Gang, HU Yuxiang, DUAN Tong, LAN Julong. A Dynamic Composition Mechanism for the Security Service Chain Oriented Software Defined Networking[J]. Journal of Electronics & Information Technology (JEIT), 2016, 38(5): 1234-1241.