摘要: |
在传统网络中,集成多种网络功能的控制平面和负责转发数据包的数据平面是紧密耦合的,并且通常嵌入在一个专用设备中,这严重限制了网络管理的灵活性和网络服务的创新性。软件定义网络(Software-Defined Networking,SDN)作为一种新型的网络范式,通过将控制平面与数据平面解耦克服了传统网络架构的不足。研究人员凭借全网视图可见性以及对网络设备直接编程的能力提出了诸多SDN应用场景,如数据中心网络、云和广域网。然而SDN带来的灵活性、可管理性以及可编程性等优点是以引入新的安全挑战为代价。本文聚焦SDN网络中的资源消耗型攻击,首先分层整理了SDN网络中的关键资源以及攻击目标,然后对控制平面、控制通道和数据平面存在的多种资源消耗型攻击以及现有防御机制做出了详细的分析和归纳,最后对未来的研究工作进行了展望,并提出了一些潜在的研究方向。 |
关键词: 软件定义网络 安全 资源消耗型攻击 |
DOI:10.19363/J.cnki.cn10-1380/tn.2020.07.06 |
Received:December 20, 2019Revised:February 09, 2020 |
基金项目:本课题得到中国科学院战略性先导科技专项(No.Y9W0011505)资助。 |
|
Survey on Resource Consumption Attacks and Defenses in Software-Defined Networking |
XU Jianfeng,WANG Liming,XU Zhen |
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
Abstract: |
In traditional networks, a control plane integrating various network functions and a data plane responsible for forwarding packets, are tightly coupled and typically embedded within a single proprietary device, which severely limits the flexibility of network management and the potential for network service innovation. Software-Defined Networking (SDN), as a promising network paradigm, circumvents these deficiencies in traditional networks via decoupling the control plane from the data plane. With the excitement of holistic visibility across the network and the ability to program network devices directly, researchers have rushed to present a range of new SDN-enhanced application scenarios, such as data center networks, cloud and wide area networks. The flexibility, manageability and programmability brought by SDN, however, come at the cost of new security challenges. This paper focuses on resource consumption attacks in SDN networks. It first introduces the key resources and attack targets in SDN, and then summarizes and analyzes the possible consumption attacks and existing countermeasures in control plane, control channel, and data plane. Finally, this survey paper discusses some future works and suggested research directions. |
Key words: software-defined networking(SDN) security resource consumption attack |