Application-Aware Firewall Mechanism for Software Defined Networks
Journal of Network and Systems Management (IF 4.1), Pub Date: 2020-03-18, DOI: 10.1007/s10922-020-09518-z
Fahad N. Nife, Zbigniew Kotulski

Software-Defined Networking (SDN) has recently emerged as a new technology in the IT industry. It is a network architecture that aims to overcome most of the constraints of contemporary networks. SDN is a centralized control architecture in which the control plane is separated from the data plane, network services are abstracted from the underlying forwarding devices, and the network's intelligence is concentrated in a software-based, directly programmable device called the controller. These features make the network architecture more flexible, programmable and open to innovation. However, they may also introduce new vulnerabilities and lead to new security problems. In this paper, we propose an application-aware firewall mechanism for SDN that can be implemented as an extension to the network's controller. To provide more control over, and visibility into, the applications running over the network, the system detects network applications that may at some point affect network performance and can dynamically enforce constraint rules on them. The firewall architecture consists of four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module, and the Security-Enforcement Module. The proposed mechanism inspects network traffic at the network, transport and application layers, and pushes the corresponding security rules down into the network's forwarding devices. The proposed solution was implemented and tested using the Python-based POX controller, with the network topology built using the Mininet emulation tool.
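The pipeline the abstract describes, written out as an added example in Python (the language of the POX controller the authors used); this is not the paper's code. The module names follow the abstract, but the Packet record, the signature list, the per-application policy values and the dict used to stand in for an OpenFlow flow entry are all hypothetical; in a real POX component the packets would arrive as PacketIn events and each rule would be sent to the switch as an ofp_flow_mod message.

```python
"""Application-aware firewall pipeline modelled on the four modules named in the
abstract. Added illustration, not the authors' code: Packet, the signatures,
the policy values and the rule dict are hypothetical stand-ins for PacketIn
events and ofp_flow_mod messages in a real POX component."""
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes = b""

# Filtering Module: stateless L3/L4 access control, checked before anything else.
# Entries are (src network, dst network, proto, dst port); None is a wildcard.
L3L4_DENY = [
    ("10.0.0.0/24", "10.0.1.0/24", "tcp", 23),   # no telnet between these subnets
    (None, "10.0.1.10/32", "udp", None),          # no UDP at all to this host
]

def l3l4_filter(pkt):
    """Return 'drop' if any deny entry matches the packet, else 'pass'."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for src_net, dst_net, proto, dport in L3L4_DENY:
        if src_net is not None and src not in ipaddress.ip_network(src_net):
            continue
        if dst_net is not None and dst not in ipaddress.ip_network(dst_net):
            continue
        if proto is not None and proto != pkt.proto:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return "drop"
    return "pass"

# Application Identification Module: payload signatures that deliberately ignore
# the port, so an application tunnelled over port 80 is still recognised.
SIGNATURES = [
    ("bittorrent", "tcp", b"\x13BitTorrent protocol"),
    ("tls",        "tcp", b"\x16\x03"),
    ("http",       "tcp", b"GET "),
]

def identify_app(pkt):
    """Application name, 'unknown' for an unrecognised payload, or None when
    there is no payload yet (a bare SYN) and the flow must stay under inspection."""
    if not pkt.payload:
        return None
    for name, proto, prefix in SIGNATURES:
        if pkt.proto == proto and pkt.payload.startswith(prefix):
            return name
    return "unknown"

# Security-Enforcement Module: per-application constraints (hypothetical values).
APP_POLICY = {
    "bittorrent": {"action": "drop"},
    "http":       {"action": "rate_limit", "kbps": 512},
    "unknown":    {"action": "rate_limit", "kbps": 128},
}

def make_rule(pkt, action, app=None, kbps=None):
    """Shape a decision like an OpenFlow 1.0 exact-match flow entry."""
    return {"match": {"nw_src": pkt.src, "nw_dst": pkt.dst, "nw_proto": pkt.proto,
                      "tp_src": pkt.sport, "tp_dst": pkt.dport},
            "action": action, "app": app, "kbps": kbps, "idle_timeout": 30}

class Firewall:
    """Main Module: runs the other three per packet-in and remembers which
    flows already have a rule installed in the data plane."""

    def __init__(self):
        self.flow_table = {}    # five-tuple -> installed rule

    def handle_packet_in(self, pkt):
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        if key in self.flow_table:          # switch already handles this flow
            return self.flow_table[key]
        if l3l4_filter(pkt) == "drop":
            rule = make_rule(pkt, "drop")
        else:
            app = identify_app(pkt)
            if app is None:
                return None                 # forward this packet, keep inspecting
            policy = APP_POLICY.get(app, {"action": "allow"})
            rule = make_rule(pkt, policy["action"], app, policy.get("kbps"))
        self.flow_table[key] = rule         # POX: connection.send(ofp_flow_mod)
        return rule

def demo():
    """Constructed sample traffic pushed through one Firewall instance."""
    fw = Firewall()
    syn = Packet("10.0.0.5", "10.0.1.7", "tcp", 40000, 80)
    get = Packet("10.0.0.5", "10.0.1.7", "tcp", 40000, 80, b"GET / HTTP/1.1\r\n")
    bt = Packet("10.0.0.6", "10.0.1.7", "tcp", 40001, 80, b"\x13BitTorrent protocol")
    tel = Packet("10.0.0.5", "10.0.1.7", "tcp", 40002, 23, b"admin\r\n")
    dns = Packet("10.0.0.5", "10.0.1.10", "udp", 5353, 53, b"\x12\x34\x01\x00")
    return [fw.handle_packet_in(p) for p in (syn, get, get, bt, tel, dns)]
```

Two points worth checking in any implementation of this shape. Identification runs on the first packet that carries payload, and once a flow rule is installed the controller stops seeing that flow, so a client that changes application mid-connection, encrypts its handshake, or splits it across segments is not re-evaluated until the idle timeout expires. The L3/L4 deny list is consulted before application identification, so a permitted application can never override a network-layer policy, and the BitTorrent handshake sent to port 80 is still dropped because the signature match does not consult the port.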

Updated: 2020-03-18