Design and Implementation of Mimic Network Operating System

Wang Zhenpeng; Hu Hongchao; Cheng Guozhen

doi:10.7544/issn1000-1239.2017.20170444

Journal of Computer Research and Development > 2017 > 54(10): 2321-2333. > DOI: 10.7544/issn1000-1239.2017.20170444 CSTR: 32373.14.issn1000-1239.2017.20170444

Wang Zhenpeng, Hu Hongchao, Cheng Guozhen. Design and Implementation of Mimic Network Operating System[J]. Journal of Computer Research and Development, 2017, 54(10): 2321-2333. DOI: 10.7544/issn1000-1239.2017.20170444

Citation:

PDF (3663 KB)

Design and Implementation of Mimic Network Operating System

(National Digital Switching System Engineering & Technological Research Center, Zhengzhou 450003)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

As a mission-critical network component in software defined networking (SDN), SDN control plane is suffering from the vulnerabilities exploited to launch malicious attacks, such as malicious applications attack, modifying flow rule attack, and so on. In this paper, we design and implement mimic network operating system (MNOS), an active defense architecture based on mimic security defense to deal with it. In addition to the SDN data plane and control plane, a mimic plane is introduced between them to manage and dynamically schedule heterogeneous SDN controllers. First, MNOS dynamically selects m controllers to be active to provide network service in parallel according to a certain scheduling strategy, and then judges whether controllers are in benign conditions via comparing the m responses from the controllers, and decides a most trusted response to send to switches so that the minority of malicious controllers will be tolerated. Theoretical analysis and experimental results demonstrate that MNOS can reduce the successful attack probability and significantly improve network security, and these benefits come at only modest cost: the latency is only about 9.47% lower. And simulation results prove that the scheduling strategy and decision fusion method proposed can increase system diversity and the accuracy of decisions respectively, which will enhance the security performance further.

FullText(HTML)

References (0)

[1]	Liu Yongzhi, Qin Guiyun, Liu Pengtao, Hu Chengyu, Guo Shanqing. Provably Secure Public Key Authenticated Encryption with Keyword Search Based on SGX[J]. Journal of Computer Research and Development, 2023, 60(12): 2709-2724. DOI: 10.7544/issn1000-1239.202220478
[2]	Wang Houzhen, Qin Wanying, Liu Qin, Yu Chunwu, Shen Zhidong. Identity Based Group Key Distribution Scheme[J]. Journal of Computer Research and Development, 2023, 60(10): 2203-2217. DOI: 10.7544/issn1000-1239.202330457
[3]	Li Zichen, Xie Ting, Zhang Juanmei, Xu Ronghua. Post Quantum Authenticated Key Exchange Protocol Based on Ring Learning with Errors Problem[J]. Journal of Computer Research and Development, 2019, 56(12): 2694-2701. DOI: 10.7544/issn1000-1239.2019.20180874
[4]	Yang Yatao, Zhang Yaze, Li Zichen, Zhang Fengjuan, Liu Boya. RAKA: New Authenticated Key Agreement Protocol Based on Ring-LWE[J]. Journal of Computer Research and Development, 2017, 54(10): 2187-2192. DOI: 10.7544/issn1000-1239.2017.20170477
[5]	Yang Xiaoyan, Hou Mengbo, Wei Xiaochao. Verifier-Based Three-Party Password Authenticated Key Exchange Protocol[J]. Journal of Computer Research and Development, 2016, 53(10): 2230-2238. DOI: 10.7544/issn1000-1239.2016.20160463
[6]	Wen Weiqiang, Wang Libin. A Strongly Secure Lattice-Based Key Exchange Protocol[J]. Journal of Computer Research and Development, 2015, 52(10): 2258-2269. DOI: 10.7544/issn1000-1239.2015.20150518
[7]	Sun Yu, Han Qingtong, and Liu Jianwei. Design of Key Exchange Protocol Based on Short Group Signature[J]. Journal of Computer Research and Development, 2012, 49(12): 2619-2622.
[8]	Gao Haiying. Provable Secure ID-Based Authenticated Key Agreement Protocol[J]. Journal of Computer Research and Development, 2012, 49(8): 1685-1689.
[9]	Pan Jiaxin and Wang Libin. A Modular Approach Towards Design and Analysis of Authenticated Key Exchange Protocol Based on Extended Canetti-Krawczyk Model[J]. Journal of Computer Research and Development, 2011, 48(8): 1390-1399.
[10]	Ren Yongjun, Wang Jiandong, Wang Jian, Xu Dazhuan, and Zhuang Yi. Identity-Based Authenticated Key Agreement Protocols in the Standard Model[J]. Journal of Computer Research and Development, 2010, 47(9): 1604-1610.