Detalhes bibliográficos
| Ano de defesa: |
2020 |
| Autor(a) principal: |
Fonseca, Marco Aurélio Cruz |
| Orientador(a): |
Salgueiro, Ricardo José Paiva de Britto |
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Dissertação
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
por |
| Instituição de defesa: |
Não Informado pela instituição
|
| Programa de Pós-Graduação: |
Pós-Graduação em Ciência da Computação
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: |
|
| Palavras-chave em Inglês: |
|
| Área do conhecimento CNPq: |
|
| Link de acesso: |
https://ri.ufs.br/jspui/handle/riufs/14189
|
Resumo: |
The new technologies developed for the growing challenges in computer networks, such as SDN, play a fundamental role in the innovation of the current infrastructure, but maintain problems in their management. On the one hand, SDN introduces facilities for network management and configuration with the separation of control and data plans, on the other hand, the diversity of solutions implemented through heterogeneous controllers in the same domain has been promoting incompatibilities in the integration of services. In view of this scenario, it is proposed here to adopt an architecture for the SDN services orchestration that allows the coexistence of heterogeneous controllers in a single administrative domain. The solution is demonstrated by the orchestration of the danger detection and anonymization services of IP packets in heterogeneous controllers. This work orchestrates the MAdPE-K / SDN and BomIP security services, achieving a more robust threat treatment than those offered separately. Developed for the Ryu controller, MAdPE-K / SDN monitors network signals and reacts in a bio-inspired manner, according to the theory of danger, dropping the flows perceived as threats. BomIP, on the other hand, isolates network flows by anonymizing the addresses implemented in a RunOS controller, so that any danger is prevented from reaching the rest of the network. The orchestration service was implemented in SDN with a single administrative domain, proving that it is possible to integrate different controllers working together without subdividing the data plan. The tested use cases demonstrated the balance of the control plan with reference to the threat level, where the orchestrator coordinated the most appropriate security treatment among the controllers. |
