Journal of Software (软件学报), ISSN 1000-9825. Editorial Office of Journal of Software. DOI: 10.13328/j.cnki.jos.005020. CLC number: TP309.

Software Defined Networking: Security Model, Threats and Mechanism

Authors: WANG Meng-Meng* (wangmm@buaa.edu.cn), LIU Jian-Wei, CHEN Jie, MAO Jian, MAO Ke-Fei
Affiliation: Laboratory of Information and Network Security, School of Electronic and Information Engineering, BeiHang University, Beijing 100191, China

WANG Meng-Meng (1988-), female, born in Shangqiu, Henan; Ph.D. candidate, CCF student member; main research areas: software defined networking security, cryptography. E-mail: wangmm@buaa.edu.cn
LIU Jian-Wei (1964-), male, Ph.D., professor, Ph.D. supervisor; main research areas: information and network security, cryptography.
CHEN Jie (1985-), male, Ph.D. candidate; main research area: software defined networking security.
MAO Jian (1978-), female, Ph.D., lecturer; main research areas: information and network security (cloud security, Web security, mobile security).
MAO Ke-Fei (1977-), male, Ph.D. candidate; main research areas: network security protocols, optimization algorithms, software simulation.
Software defined networking (SDN) has taken the first steps toward separating the network control plane from the data plane. However, while it offers a high degree of openness and programmability, the network itself faces many security problems, which limit the large-scale deployment and application of SDN in many scenarios. This paper first analyzes the SDN architecture and its security model. Next, the typical security threats and issues in SDN are analyzed and summarized from two perspectives: "typical security problems that are specific/non-specific to SDN" and "security threats faced by each SDN layer/interface". Then the main approaches to existing SDN security problems and their latest research progress are discussed from six aspects: the development of secure SDN controllers, the development and deployment of composable security module libraries for controllers, defenses against DoS/DDoS attacks on controllers, legality and consistency checking of flow rules, security of the northbound interface, and security of applications. Finally, standardization work on SDN security is briefly analyzed, and future research trends in SDN security are discussed.
Software defined networking (SDN) facilitates rapid and open innovation by decoupling the control plane from the data plane, thus enabling a high degree of openness and programmability in network protocols and applications. However, the dynamism of programmable networks also introduces new security challenges, which limit the large-scale application of SDN in many settings. This paper presents a comprehensive survey on the security of SDN. First, the SDN architecture and the security model of SDN are reviewed. Next, typical security threats and security issues of SDN are summarized and classified from two aspects: SDN-specific and non-specific threats, and the security issues associated with each layer and interface of the SDN framework. Then an in-depth analysis is provided of the latest developments in building a secure and dependable SDN, from six aspects: building a secure SDN controller or network operating system, modular composable security services for SDN, DoS/DDoS flooding attack prevention and detection for SDN controllers, conflict resolution and consistency resolution for flow rules in SDN, the security of the northbound application programming interface (API), and the security of applications in SDN. Finally, a brief analysis of the standardization work on SDN security is provided, along with a discussion of future research trends in building more secure SDNs.
Keywords: software defined networking; OpenFlow; security model; security threats; controller security; security protocol of northbound application programming interface
Software defined networking (SDN) decouples the traditionally closed network architecture into a data plane, a control plane and an application plane, realizing logically centralized control and management of the network. The defining features of SDN are openness and programmability, and it has already been applied in network virtualization [1, 2], data center networks [3, 4, 5], wireless local area networks [6, 7, 8] and cloud computing [9, 10], among other fields.
Revolutionary (clean-slate) secure controllers such as Rosemary and PANE embed security mechanisms in the controller system from the very start of design and development. This design approach breaks through the many restrictions imposed by existing controllers in terms of system architecture, programming language and reserved interfaces. Consequently, SDN security controllers designed along these lines have comparatively flexible system architectures when it comes to developing and deploying security modules and security services on the controller. However, different research institutions place different emphases in the design and development of revolutionary secure controllers, no SDN standardization body has yet issued formal security standards or specifications for controller design, and several existing controllers (such as Onix, ONOS, DISCO, HP VAN SDN and Ryu) have already been deployed in data center and cloud computing networks. Taking into account the main functions a controller emphasizes, users' actual security requirements, migration costs and other factors, the development and deployment of revolutionary secure controllers therefore remain at the laboratory testing stage and have not yet seen large-scale deployment and application.
In October 2013 the ONF established the SDN Northbound Interface Working Group (NBI-WG), with the aim of promoting the wide adoption of SDN through standardization of northbound interface protocols. Various vendors and participants, driven by user requirements and commercial operation, have also proposed northbound interface security protocols and schemes for specific environments. In academia, current research on northbound interface security focuses mainly on access control for controller applications. Representative results include, besides the northbound interface security schemes within security architectures such as FortNOX [20] and SE-Floodlight [22, 64], the application permission management systems PermOF [59] and OperationCheckpoint [62], and fine-grained access control mechanisms for applications [63].
Wen et al. [59] isolate the applications running on a controller from the controller kernel and, following the principle of minimizing application access rights, design PermOF, a fine-grained permission management system for controller applications. PermOF analyzes 18 kinds of access permissions for applications on the controller and introduces an access control layer to prevent unauthorized applications from directly accessing controller kernel resources. Compared with SE-Floodlight's approach of signing the whole application, PermOF can authenticate and manage application access rights at a finer granularity, but this finer-grained authentication and management comes at the cost of system processing time and efficiency.
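To make the access-control-layer idea concrete, the following Python sketch is an added illustration written for this survey and is not PermOF's own code. It models a toy controller kernel that applications can never reference directly; every call goes through an access control layer that checks the calling application's granted permission set, records an audit event, and refuses the call otherwise. The permission names, the application names, the two-switch topology and the sample flow rule are all constructed for the example (PermOF defines its own set of 18 permissions, not these). The ownership check in delete_flow goes slightly beyond the text: even an application holding the delete permission is prevented from removing rules installed by another application, which is one way the least-privilege principle described above can be carried into the rule level.

```python
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised by the access control layer when an app lacks a permission."""


# Hypothetical permission names; PermOF defines its own set of 18, not these.
READ_TOPOLOGY = "read_topology"
READ_FLOW_TABLE = "read_flow_table"
ADD_FLOW = "add_flow"
DELETE_FLOW = "delete_flow"
SEND_PACKET_OUT = "send_packet_out"
ALL_PERMISSIONS = frozenset(
    {READ_TOPOLOGY, READ_FLOW_TABLE, ADD_FLOW, DELETE_FLOW, SEND_PACKET_OUT}
)


@dataclass(frozen=True)
class FlowRule:
    match: tuple    # e.g. (("nw_src", "10.0.0.1"),); constructed sample data
    actions: tuple  # e.g. ("drop",)
    owner: str      # application that installed the rule


class ControllerKernel:
    """Toy controller core: two switches, their flow tables and an audit log.
    Applications must never hold a reference to this object directly."""

    def __init__(self):
        self.flow_tables = {"s1": [], "s2": []}  # constructed topology
        self.links = [("s1", "s2")]
        self.audit = []

    def add_flow(self, dpid, rule):
        self.flow_tables[dpid].append(rule)
        return len(self.flow_tables[dpid])

    def delete_flow(self, dpid, rule):
        self.flow_tables[dpid].remove(rule)
        return len(self.flow_tables[dpid])


class AccessControlLayer:
    """Mediates every app -> kernel call; unregistered apps hold no permissions."""

    def __init__(self, kernel):
        self._kernel = kernel
        self._grants = {}  # app name -> frozenset of permission names

    def register_app(self, app, permissions):
        unknown = set(permissions) - ALL_PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions requested: {sorted(unknown)}")
        self._grants[app] = frozenset(permissions)

    def _require(self, app, permission):
        allowed = permission in self._grants.get(app, frozenset())
        self._kernel.audit.append(("allow" if allowed else "deny", app, permission))
        if not allowed:
            raise PermissionDenied(f"{app} lacks {permission}")

    def read_topology(self, app):
        self._require(app, READ_TOPOLOGY)
        return list(self._kernel.links)

    def read_flow_table(self, app, dpid):
        self._require(app, READ_FLOW_TABLE)
        return list(self._kernel.flow_tables[dpid])

    def add_flow(self, app, dpid, match, actions):
        self._require(app, ADD_FLOW)
        return self._kernel.add_flow(dpid, FlowRule(match, actions, app))

    def delete_flow(self, app, dpid, rule):
        self._require(app, DELETE_FLOW)
        # Even with DELETE_FLOW, an app may only remove rules it installed itself.
        if rule.owner != app:
            self._kernel.audit.append(("deny", app, f"delete_other:{rule.owner}"))
            raise PermissionDenied(f"{app} may not delete a rule owned by {rule.owner}")
        return self._kernel.delete_flow(dpid, rule)


def demo():
    """Run a few application requests through the layer and report outcomes."""
    kernel = ControllerKernel()
    acl = AccessControlLayer(kernel)
    acl.register_app("monitor", {READ_TOPOLOGY, READ_FLOW_TABLE})
    acl.register_app("firewall", {READ_FLOW_TABLE, ADD_FLOW, DELETE_FLOW})
    acl.register_app("balancer", {READ_FLOW_TABLE, ADD_FLOW, DELETE_FLOW})

    out = {}
    out["firewall_adds"] = acl.add_flow(
        "firewall", "s1", (("nw_src", "10.0.0.1"),), ("drop",))
    firewall_rule = acl.read_flow_table("balancer", "s1")[0]
    attempts = {
        "monitor_adds": lambda: acl.add_flow("monitor", "s1", (), ("output:2",)),
        "unregistered_reads": lambda: acl.read_topology("rogue"),
        "balancer_deletes_firewall_rule": lambda: acl.delete_flow(
            "balancer", "s1", firewall_rule),
    }
    for name, call in attempts.items():
        try:
            call()
            out[name] = "allowed"
        except PermissionDenied:
            out[name] = "denied"
    out["rules_on_s1"] = len(acl.read_flow_table("monitor", "s1"))
    out["denies_logged"] = sum(1 for event in kernel.audit if event[0] == "deny")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows the monitoring application being refused when it tries to install a rule, an unregistered application being refused a topology read, and the load balancer being refused when it tries to remove the firewall's rule, while the firewall's own rule stays installed; each refusal leaves a deny event in the audit log, which is the hook a detection pipeline would consume. The extra checks in the mediation path are also where the processing-time cost mentioned above comes from: every kernel call now carries a permission lookup and an audit write.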
References
[1] Yang M, Li Y, Jin D, Su L, Ma S, Zeng L. OpenRAN: A software-defined RAN architecture via virtualization. 2013, 549-550.
[2] Mijumbi R, Serrat J, Gorricho J, Bouten N, De Turck F, Boutaba R. Network function virtualization: State-of-the-art and research challenges. 2016, 18(1): 239-262.
[3] Kannan K, Banerjee S. Scissors: Dealing with header redundancies in data centers through SDN. 2013, 295-301.
[4] Ghobadi M, Yeganeh SH, Ganjali Y. Rethinking end-to-end congestion control in software-defined networks. 2012, 61-66.
[5] Li D, Chen GH, Ren FY, Jiang CL, Xu MW. Data center network research progress and trends. 2014, (2): 259-274 (in Chinese).
[6] Suresh L, Schulz-Zander J, Merz R, Feldmann A. Demo: Programming enterprise WLANs with ODIN. 2012, 42(4): 279-280.
[7] Yi G, Lee S. Fully distributed handover based on SDN in heterogeneous wireless networks. 2014, 1-7.
[8] Lee J, Uddin M, Tourrilhes J, Sen S, Banerjee S, Arndt M, Kim K, Nadeem T. meSDN: Mobile extension of SDN. 2014, 7-14.
[9] Jin D, Nicol DM. Parallel simulation of software defined networks. 2013, 91-102.
[10] Jain R. OpenADN: Mobile apps on global clouds using software defined networking. 2012, 1-2.
[11] Yang L, Dantu R, Anderson T, Gopal R. Forwarding and control element separation (ForCES) framework. 2004.
[12] Greenberg A, Hjalmtysson G, Maltz DA, Myers A, Rexford J, Xie G, Yan H, Zhan J, Zhang H. A clean slate 4D approach to network control and management. 2005, 35(3): 41.
[13] Caesar M, Caldwell D, Feamster N, Rexford J, Shaikh A, van der Merwe J. Design and implementation of a routing control platform. 2005, 15-28.
[14] Akella A, Boneh D, Mazieres D, McKeown N, Rosenblum M. SANE/inSANE: Designing secure networks from the ground-up. 2006.
[15] Casado M, Garfinkel T, Akella A, Freedman MJ, Boneh D, McKeown N, Shenker S. SANE: A protection architecture for enterprise networks. 2006, 1-15.
[16] Casado M, Freedman M, Pettit J, Luo J, Gude N, McKeown N. Ethane: A security management architecture. 2006.
[17] Casado M, Freedman MJ, Pettit J, Luo J, McKeown N, Shenker S. Ethane: Taking control of the enterprise. 2007, 1-12.
[18] Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N, Shenker S. NOX: Towards an operating system for networks. 2008, 38(3): 105-110.
[19] Project Floodlight. 2016.
[20] Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G. A security enforcement kernel for OpenFlow networks. 2012, 121-126.
[21] Shin S, Porras P, Yegneswaran V, Fong M, Gu G, Tyson M. FRESCO: Modular composable security services for software-defined networks. 2013, 1-16.
[22] Porras P, Cheung S, Fong M, Skinner K, Yegneswaran V. Securing the software-defined network control layer. 2015, 1-15.
[23] Wang J, Wang J, Jiao HY, Wang Y, Chen SY, Liu SH, Hu RX. A method of OpenFlow-based real-time conflict detection and resolution for SDN access control policies. 2015, 38(4): 872-883 (in Chinese).
[24] Shin S, Gu G. Attacking software-defined networks: A first feasibility study. 2013, 165-166.
[25] Wang H, Xu L, Gu G. FloodGuard: A DoS attack prevention extension in software-defined networks. 2015.
[26] Braga R, Mota E, Passito A. Lightweight DDoS flooding attack detection using NOX/OpenFlow. 2010, 408-415.
[27] Hong S, Xu L, Wang H, Gu G. Poisoning network visibility in software-defined networks: New attacks and countermeasures. 2015, 1-15.
[28] Shin S, Yegneswaran V, Porras P, Gu G. AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks. 2013, 413-424.
[29] Hinden RM. SDN and security: Why take over the hosts when you can take over the network. 2014.
[30] McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J. OpenFlow: Enabling innovation in campus networks. 2008, 38(2): 69-74.
[31] Clean Slate Program. 2007.
[32] ETSI. Network Functions Virtualisation. 2014.
[33] OpenDaylight: Open source network controller. 2013.
[34] ONF. Open Networking Foundation. 2013.
[35] ONF. Software-Defined Networking (SDN) Definition.
[36] ONF. OpenFlow Switch Technical Library.
[37] ONF. OpenFlow Switch Specification (Version 1.5.1), ONF TS-025. 2015.
[38] RFC. The Transport Layer Security (TLS) Protocol Version 1.2. 2008.
[39] Porras P. Toward a more secure SDN control layer. 2013.
[40] Wang H, Xu L, Gu G. OF-GUARD: A DoS attack prevention extension in software-defined networks. 2014, 1-2.
[41] Lara A, Kolasani A, Ramamurthy B. Network innovation using OpenFlow: A survey. 2014, 16(1): 493-512.
[42] Yeganeh SH, Tootoonchian A, Ganjali Y. On scalability of software-defined networking. 2013, 51(2): 136-141.
[43] Fei H, Qi H, Ke B. A survey on software-defined network and OpenFlow: From concept to implementation. 2014, 16(4): 2181-2206.
[44] Dai B, Wang HY, Xu G, Yang J. Opportunities and threats coexist in SDN security. 2014, (8): 2254-2262 (in Chinese).
[45] Zhang CK, Cui Y, Tang HY, Wu JP. State-of-the-art survey on software-defined networking (SDN). 2015, 26(1): 62-81 (in Chinese).
[46] Zuo QY, Chen M, Zhao GS, Xing CY, Zhang GM, Jiang PC. Research on OpenFlow-based SDN technologies. 2013, 24(5): 1078-1097 (in Chinese).
[47] Klingel D, Khondoker R, Marx R, Bayarou K. Security analysis of software defined networking architectures: PCE, 4D and SANE. 2014, 15-22.
[48] Wang J, Wang Y, Hu H, Sun Q, Shi H, Zeng L. Towards a security-enhanced firewall application for OpenFlow networks. 2013, 92-103.
[49] Xia W, Wen Y, Foh CH, Niyato D, Xie H. A survey on software-defined networking. 2015, 17(1): 27-51.
[50] Al-Shaer E, Al-Haj S. FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures. 2010, 37-44.
[51] Son S, Shin S, Yegneswaran V, Porras P, Gu G. Model checking invariant security properties in OpenFlow. 2013, 1974-1979.
[52] Reitblatt M, Foster N, Rexford J, Walker D. Consistent updates for software-defined networks: Change you can believe in. 2011, 1-6.
[53] Khurshid A, Zhou W, Caesar M, Godfrey PB. VeriFlow: Verifying network-wide invariants in real time. 2012, 49-54.
[54] Benton K, Camp LJ, Small C. OpenFlow vulnerability assessment. 2013, 151-152.
[55] Kloti R, Kotronis V, Smith P. OpenFlow: A security analysis. 2013, 1-6.
[56] Wasserman M, Hartman S. Security analysis of the Open Networking Foundation (ONF) OpenFlow switch specification. 2013.
[57] Kreutz D, Ramos FMV, Esteves Verissimo P, Esteve Rothenberg C, Azodolmolky S, Uhlig S. Software-defined networking: A comprehensive survey. 2015, 103(1): 14-76.
[58] Nunes BAA, Mendonca M, Nguyen X, Obraczka K, Turletti T. A survey of software-defined networking: Past, present, and future of programmable networks. 2014, 16(3): 1617-1634.
[59] Wen X, Chen Y, Hu C, Shi C, Wang Y. Towards a secure controller platform for OpenFlow applications. 2013, 171-172.
[60] Sezer S, Scott-Hayward S, Chouhan P, Fraser B, Lake D, Finnegan J, Viljoen N, Miller M, Rao N. Are we ready for SDN? Implementation challenges for software-defined networks. 2013, 51(7): 36-43.
[61] Brazil J. The Northbound API is the key to OpenFlow's success. 2012.
[62] Scott-Hayward S, Kane C, Sezer S. OperationCheckpoint: SDN application control. 2014, 618-623.
[63] Klaedtke F, Karame GO, Bifulco R, Cui H. Access control for SDN controllers. 2014, 219-220.
[64] SRI Team, Texas A&M Team. OpenFlowSec. 2013.
[65] Tasch M, Khondoker R, Marx R, Bayarou K. Security analysis of security applications for software defined networks. 2014, 23-30.
[66] Kreutz D, Ramos FMV, Verissimo P. Towards secure and dependable software-defined networks. 2013, 55-60.
[67] Giesen F, Kohlar F, Stebila D. On the security of TLS renegotiation. 2013, 387-398.
[68] Das ML, Samdaria N. On the security of SSL/TLS-enabled applications. 2014, 10(1-2): 68-81.
[69] ONF. OpenFlow Technical Specifications.
[70] SDxCentral. What are SDN Northbound APIs?
[71] Matsumoto C. ONF will tackle SDN's northbound interface.
[72] Oktian YE, Lee S, Lee H, Lam J. Secure your northbound SDN API. 2015, 919-920.
[73] ONF. Real Time Media NBI REST Specification (Version 1). 2015.
[74] Scott-Hayward S, O'Callaghan G, Sezer S. SDN security: A survey. 2013, 1-7.
[75] Floodlight documentation.
[76] POX. Python network controller.
[77] Erickson D. The Beacon OpenFlow controller. 2013, 13-18.
[78] Cai Z, Cox AL, Ng TSE. Maestro: A system for scalable OpenFlow control. 2011.
[79] Banikazemi M, Olshefski D, Shaikh A, Tracey J, Wang G. Meridian: An SDN platform for cloud network services. 2013, 51(2): 120-127.
[80] Saikia D, Kong S, Malik N, Kim D. OpenMuL: High performance SDN.
[81] Tootoonchian A, Gorbunov S, Ganjali Y, Casado M, Sherwood R. On controller performance in software-defined networks. 2012, 1-6.
[82] Ferguson AD, Guha A, Liang C, Fonseca R, Krishnamurthi S. Participatory networking: An API for application control of SDNs. 2013, 327-338.
[83] NEC. ProgrammableFlow Controller.
[84] Shin S, Song Y, Lee T, Lee S, Chung J, Porras P, Yegneswaran V, Noh J, Kang BB. Rosemary: A robust, secure, and high-performance network operating system. 2014, 78-89.
[85] Ryu SDN Framework Community. Ryu: Component-based software defined networking framework. 2014.
[86] IRIS Research Group. OpenIRIS: The recursive SDN OpenFlow controller by ETRI.
[87] Trema: Full-stack OpenFlow framework in Ruby and C.
[88] Koponen T, Casado M, Gude N, Stribling J, Poutievski L, Zhu M, Ramanathan R, Iwata Y, Inoue H, Hama T, Shenker S. Onix: A distributed control platform for large-scale production networks. 2010, 1-6.
[89] Berde P, Gerola M, Hart J, Higuchi Y, Kobayashi M, Koide T, Lantz B, O'Connor B, Radoslavov P, Snow W, Parulkar G. ONOS: Towards an open, distributed SDN OS. 2014, 1-6.
[90] Phemius K, Bouet M, Leguay J. DISCO: Distributed multi-domain SDN controllers. 2014, 1-4.
[91] Matsumoto S, Hitz S, Perrig A. Fleet: Defending SDNs from malicious administrators. 2014, 103-108.
[92] HP. HP SDN Controller Architecture. 2013.
[93] Tootoonchian A, Ganjali Y. HyperFlow: A distributed control plane for OpenFlow. 2010, 1-6.
[94] Yeganeh SH, Ganjali Y. Kandoo: A framework for efficient and scalable offloading of control applications. 2012, 19-24.
[95] Koponen T, Amidon K, Balland P, Casado M, Chanda A, Fulton B, Ganichev I, Gross J, Gude N, Ingram P, Jackson E, Lambeth A, Lenglet R, Li S, Padmanabhan A, Pettit J, Pfaff B, Ramanathan R, Shenker S, Shieh A, Stribling J, Thakkar P, Wendlandt D, Yip A, Zhang R. Network virtualization in multi-tenant datacenters. 2014, 203-216.
[96] Botelho F, Bessani A, Ramos FMV, Ferreira P. On the design of practical fault-tolerant SDN controllers. 2014, 73-78.
[97] Monaco M, Michel O, Keller E. Applying operating system principles to SDN controller design. 2013, 1-7.
[98] Gu G, Porras P, Yegneswaran V, Fong M, Lee W. BotHunter: Detecting malware infection through IDS-driven dialog correlation. 2007, 167-182.
[99] Sherwood R, Gibb G, Yap K, Appenzeller G, Casado M, McKeown N, Parulkar G. FlowVisor: A network virtualization layer. 2009.
[100] Dutertre B, de Moura L. Integrating simplex with DPLL(T). 2006.
[101] Dutertre B, de Moura L. A fast linear-arithmetic solver for DPLL(T). 2006, 4144: 81-94.
[102] Ball T, Bjørner N, Gember A, Itzhaky S, Karbyshev A, Sagiv M, Schapira M, Valadarsky A. VeriCon: Towards verifying controller programs in software-defined networks. 2014, 282-293.
[103] Canini M, Venzano D, Perešíni P, Kostić D, Rexford J. A NICE way to test OpenFlow applications. 2012, 1-14.
[104] Hu H, Han W, Ahn G, Zhao Z. FLOWGUARD: Building robust firewalls for software-defined networks. 2014, 97-102.
[105] Suh M, Park SH, Lee B, Yang S. Building firewall over the software-defined network controller. 2014, 744-748.
[106] Sherwood R, Gibb G, Yap K, Appenzeller G, Casado M, McKeown N, Parulkar G. Can the production network be the testbed? 2010, 1-6.
[107] Sherwood R, Naous J, Seetharaman S, Underhill D, Yabe T, Yap K, Yiakoumis Y, Zeng H, Appenzeller G, Johari R, McKeown N, Chan M, Parulkar G, Covington A, Gibb G, Flajslik M, Handigol N, Huang T, Kazemian P, Kobayashi M. Carving research slices out of your production networks with OpenFlow. 2010, 40(1): 129-130.
[108] Cui JS, Guo C, Chen L, Zhang YN, Huang DJ. Establishing process-level defense-in-depth framework for software defined networks. 2014, 25(10): 2251-2265 (in Chinese).
[109] ONF. Principles and practices for securing software-defined networks. 2015.
[110] ONF. SDN security considerations in the data center (Solution Brief). 2013.
[111] IETF. Policy architecture and framework for NFV infrastructures. 2015.
[112] IETF. SPRING OpenFlow interworking requirements. 2015.
[113] IETF. Verification of NFV services: Problem statement and challenges. 2015.
[114] ITU. ITU Telecommunication Standardization Sector.
[115] European Telecommunications Standards Institute.
[116] China Communications Standards Association.