SDFAC:software defined flow access control mechanism
Academic paper | Updated: 2024-06-05
Journal on Communications, Vol. 36, Issue Z1, Pages: 188-196 (2015)
Author affiliation:
College of Command Information System, PLA University of Science and Technology, Nanjing, Jiangsu 210007
Funding:
The National Basic Research Program of China (973 Program) (2012CB315806); The National Natural Science Foundation of China (61379149); The National Natural Science Foundation of China (61402521); The Natural Science Foundation of Jiangsu Province (BK20140070); The Natural Science Foundation of Jiangsu Province (BK20140068); S&T Supporting Project of Jiangsu Province (BY2013095-1-06)
Xiu-lei WANG, Guo-min ZHANG, Chao HU, et al. SDFAC:software defined flow access control mechanism[J]. Journal on Communications, 2015, 36(Z1): 188-196. DOI: 10.11959/j.issn.1000-436x.2015299.
The software defined networking paradigm decouples the control plane from the data plane, offering flexible centralized control and fine-grained flow management. Based on these advantages, a novel software defined access control mechanism, SDFAC, was proposed. Firstly, an analysis of the access control model was given from the flow granularity, and the precondition for fine-grained access control was deduced from the model. Secondly, the framework and basic working process of SDFAC were described. The flow authentication protocol was designed to support the function of SDFAC. Finally, the experiment results prove the feasibility and availability of SDFAC.