From CIA to PDR: A Top-Down Survey of SDN Security for Cloud DCN

Time: 2022-09-07 06:11:33

1 Introduction

Information technology has come a long



Manuscript received: 2015-12-01

Biographies

Zhi Liu (zhi?) is currently a PhD candidate at the Department of Automation, Tsinghua University, China. He received his BS degree from the Department of Automation, Tsinghua University in 2012. His research interests include software-defined networking, cloud datacenter networks, and performance optimization for networking algorithms and systems.

Xiang Wang (xiang?) received his PhD degree in 2015 from the Department of Automation, Tsinghua University. He received his MS degree from the School of Software Engineering, University of Science and Technology of China in 2010 and his BS degree from the School of Telecommunication Engineering, Xidian University, China in 2007. His research interests include software-defined networking, distributed systems, and performance issues in computer networking and system architectures.

Jun Li received his PhD degree in Computer Science from New Jersey Institute of Technology (NJIT), USA, and MS and BS degrees in Control and Information from the Department of Automation, Tsinghua University. He is currently a professor at Tsinghua University, and Executive Deputy Director of the Tsinghua National Laboratory for Information Science and Technology. Before rejoining Tsinghua University in 2003, he held executive positions at ServGate Technologies, which he co-founded in 1999. Prior to that, he was a senior software engineer at EXAR and TeraLogic. Between his MS and PhD studies, he was an assistant professor then lecturer in the Department of Automation, Tsinghua University. His current research interests mainly focus on networking and network security.
