All Title Author
Keywords Abstract


A Dynamic Access Control Method for SDN

DOI: 10.4236/jcc.2019.710010, PP. 105-115

Keywords: Access Control, Security, SDN, ABAC, Dynamic

Full-Text   Cite this paper   Add to My Lib

Abstract:

Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.

References

[1]  Xia, W.F., Wen, Y.G., Foh, C.H., et al. (2015) A Survey on Software-Define Networking. IEEE Communications Surveys & Tutorials, 17, 27-51. https://doi.org/10.1109/comst.2014.2330903
[2]  Farhady, H., Lee, H. and Nakao, A. (2015) Software-Defined Networking: A Survey. Computer Networks, 81, 79-96. https://doi.org/10.1016/j.comnet.2015.02.014
[3]  Pujolle, G.: (2015) Software Networks Virtualization, SDN, 5G and Security. ISTE Ltd and Wiley, London and New York. https://doi.org/10.1002/9781119005100.ch1
[4]  Nife, F. and Kotulski, Z. (2018) New SDN-Oriented Authentication and Access Control Mechanism. International Conference on Computer Networks.
[5]  Zhang, J., Yun, L.J. and Zhou, Z. (2008) Research of BLP and Biba Dynamic Union Model Based on Check Domain. International Conference on Machine Learning & Cybernetics. https://doi.org/10.1109/icmlc.2008.4621044
[6]  Kumar, N.V.N. and Shyamasundar, R.K. (2017) A Complete Generative Label Model for Lattice-Based Access Control Models. International Conference on Software Engineering & Formal Methods.
[7]  Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R. and Scarfone, K. (2014) Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Special Publication 800-162, U.S. Department of Commerce, January. National Institute of Standards and Technology. https://doi.org/10.6028/nist.sp.800-162
[8]  Kennedy, J. (1995) Particle Swarm Optimization. Proc. of 1995 IEEE Int. Conf. Neural Networks, Perth, Australia, 27 November-December 1995.
[9]  Hu, W., Yen, G.G. and Zhang, X. (2014) Multiobjective Particle Swarm Optimization Based on Pareto Entropy. Journal of Software, 25, 1025-1050.
[10]  Malinen, J. Hostapd: IEEE 802.11 AP, IEEE 802.1x/WPA/WPA2/EAP/RADIUS Authenticator. https://w1.fi/hostapd/
[11]  FreeRADIUS, FreeRADIUS Project. https:freeradius.org/
[12]  POX Controller, POX Wiki. https://openflow.stanford.edu/display/ONL/POX+Wiki
[13]  Neri, G., Morling, R.C.S., Cain, G.D., et al. (1984) MININET: A Local Area Network for Real-Time Instrumentation Applications. Computer Networks, 8, 107-131. https://doi.org/10.1016/0376-5075(84)90039-4

Full-Text

comments powered by Disqus