Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.
Zhang, J., Yun, L.J. and Zhou, Z. (2008) Research of BLP and Biba Dynamic Union Model Based on Check Domain. International Conference on Machine Learning & Cybernetics. https://doi.org/10.1109/icmlc.2008.4621044
Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R. and Scarfone, K. (2014) Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Special Publication 800-162, U.S. Department of Commerce, January. National Institute of Standards and Technology.
Neri, G., Morling, R.C.S., Cain, G.D., et al. (1984) MININET: A Local Area Network for Real-Time Instrumentation Applications. Computer Networks, 8, 107-131.