{"title":"SDNKeeper:面向sdn云的轻量级资源保护和管理系统","authors":"Xue Leng, Kaiyu Hou, Yan Chen, Kai Bu, Libin Song","doi":"10.1109/IWQoS.2018.8624135","DOIUrl":null,"url":null,"abstract":"SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.","PeriodicalId":222290,"journal":{"name":"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud\",\"authors\":\"Xue Leng, Kaiyu Hou, Yan Chen, Kai Bu, Libin Song\",\"doi\":\"10.1109/IWQoS.2018.8624135\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.\",\"PeriodicalId\":222290,\"journal\":{\"name\":\"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWQoS.2018.8624135\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWQoS.2018.8624135","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud
SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
