Research On SDN/OpenFlow Security

Posted on: 2015-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q Huang
Full Text: PDF
GTID: 2298330422490901
Subject: Computer Science and Technology
Abstract/Summary:
Software-Defined Networking (SDN) has become a new research focus, and the emergence of SDN technology may bring numerous benefits. In an SDN environment, network application developers can program the behavior of the network, which gives them more flexibility when managing and configuring networks. They can control the network traffic of the lower-layer network infrastructure by programming controller applications. However, with the fast development and deployment of SDN and its underlying technology OpenFlow, there are some potential security threats. Some of these threats are introduced by SDN itself, while others are existing or potential security problems that may be better addressed with the help of the functionality SDN provides. For instance, the better controllability that SDN adds to the network opens more opportunities for cloud security research, especially in traffic monitoring.

This research project is about the security issues concerning SDN and OpenFlow.

First, we study the traffic monitoring issue in the cloud computing environment (i.e., how to apply security monitoring devices in cloud networks). We discuss the placement of virtual security gateways in two situations: when the virtual security gateway has a capacity limit and when it does not. We propose algorithms for each situation. Through experimental comparison of our algorithms with the brute-force algorithm, we demonstrate that our algorithms can get better results (fewer virtual security gateways).

Second, we study the placement of virtual gateways with capacity in the SDN environment. We present a placement strategy that uses the novel functions SDN technology brings. After formulating the problem as a bin-packing problem (BPP), we propose some modified algorithms based on the BPP. We conduct extensive experiments which show that the NF algorithm has the smallest running time but the worst solution. The solutions of the rest of the algorithms are similar on our data set.

Third, we discuss the consistency problem in SDN: the verification of network invariants. First we give the concepts of network configuration update, consistency and network invariants. We use experimental simulation to discover that, due to network delay, the rules a controller application sends to the network infrastructure do not take effect consistently. In addition, we discuss the consistent packet processing problem and give an analysis of the overhead of applying database theory to address this problem.

Finally, we conclude the dissertation and give future work prospects.
Keywords/Search Tags: Software-Defined Networks, cloud security, OpenFlow