[1] Open Network Foundation. Software-defined networking:the new norm for networks[EB/OL].[2015-04-13]. https://www.opennetworking.org/images/stories/downloads/sdn-resourres/white-papers/wp-sdn-newnorm.pdf. [2] MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow:enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2):69-74. [3] FIELDING R T. Architectural styles and the design of network-based software architectures[D]. Irvine:University of California, 2000:76-85. [4] SEZER S, SCOTTHAYWARD S, CHOUHAN P K, et al. Are we ready for SDN? Implementation challenges for software-defined networks[J]. IEEE Communications Magazine, 2013, 51(7):36-43. [5] KREUTZ D, RAMOS F M, VERISSIMO P. Towards secure and dependable software-defined networks[C]//Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. New York:ACM, 2013:55-60. [6] HAN W, HU H, AHN G-J. LPM:layered policy management for software-defined networks[C]//DBSEC 2014:Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, LNCS 8556. Berlin:Springer, 2014:356-363. [7] CHEN X, ZHAO B, MA S, et al. Leveraging master-slave OpenFlow controller arrangement to improve control plane resiliency in SD-EONs[J]. Optics Express, 2015, 23(6):7550-7558. [8] SHIN S, SONG Y, LEE T, et al. Rosemary:a robust, secure, and high-performance network operating system[C]//CCS 2014:Proceedings of the 2014 ACM SIGSAC Conference on Computer Communications Security. New York:ACM, 2014:78-89. [9] SHIN S, PORRAS P, YEGNESWARAN V, et al. FRESCO:Modular composable security services for software-defined networks[C/OL]//Proceedings of the 2013 ISOC Network and Distributed Security Symposium. San Diego:Internet Society, 2013.[2015-05-01]. http://www.dnssec-test-dyn.com/sites/default/files/07_2_0.pdf. [10] PORRAS P, SHIN S, YEGNESWARAN V, et al. A security enforcement kernel for OpenFlow networks[C]//Proceedings of the 1st ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. New York:ACM, 2012:121-126. [11] PORRAS P, CHEUNG S, FONG M, et al. Securing the software-defined network control layer[C/OL]//Proceedings of the 2015 Network and Distributed System Security Symposium. San Diego:Internet Society, 2015.[2015-05-01]. http://www.internetsociety.org/sites/default/files/10_3_2.pdf. [12] JASSON CASEY C J, SUTTON A, DOS REIS G, et al. Eliminating network protocol vulnerabilities through abstraction and systems language design[C]//Proceedings of the 201321st IEEE International Conference on Network Protocols. Piscataway:IEEE, 2013:1-6. [13] Open Network Foundation. SDN security considerations in the data center[EB/OL].[2015-04-05]. https://www.opennetworking.org/images/stories/downloads/sdn-resources/solution-briefs/sb-security-data-center.pdf. [14] PANKAJ B,MATTEO G,JONATHAN H, et al. ONOS:towards an open, distributed SDN OS[C]//HotSDN 2014:Proceedings of the 3rd ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking. New York:ACM, 2014:1-6. [15] KOPONEN T, CASADO M, GUDE N, et al. Onix:a distributed control platform for large-scale production networks[C]//Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. Berkley:USENIX Association, 2010:1-6. [16] YAZICI V, SUNAY M O, ERCAN A O. Controlling a software-defined network via distributed controllers[C]//Proceedings of the 2012 NEM Summit. Istanbul:[s.n.], 2014:16-20. [17] ADELSBACH A, ALESSANDRI D, CACHIN C, et al. Conceptual model and architecture of MAFTIA[EB/OL].[2015-05-02]. http://www.researchgate.net/publication/243775799_Conceptual_Model_and_Architecture_of_MAFTIA. [18] PAL P, WEBBER F, SCHANTZ R. The DPASA survivable JBI-a high-water mark in intrusion tolerant systems[C/OL]//Proceedings of the 2007 Workshop on Recent Advances in Intrusion Tolerant Systems. New York:ACM, 2007.[2015-05-06]. http://wraits07.di.fc.ul.pt/4.pdf. [19] LI H, LI P, GUO S, et al. Byzantine-resilient secure software-defined networks with multiple controllers in cloud[J]. IEEE Transactions on Cloud Computation, 2014, 2(4):436-447. [20] KIM H, SANTOS J R, TURNER Y, et al.CORONET:Fault tolerance for software defined networks[C]//Proceedings of the 20th IEEE International Conference on Network Protocols. Piscataway:IEEE, 2012:1-2. [21] BEHESHTI N,ZHANG Y. Fast failover for control traffic in software-defined networks[C]//Proceedings of the 2012 IEEE Global Communications Conference. Piscataway:IEEE, 2665-2670. [22] SAIDANE A, NICOMETTE V, DESWARTE Y. The design of a generic intrusion-tolerant architecture for web servers[J]. IEEE Transactions on Dependable and Secure Computing, 2009, 6(1):45-58. [23] BRAY R, CID D. OSSEC host-based intrusion detection guide[M]. Burlington:Syngress, 2008:305-307. [24] SHERWOOD R, GIBB G, YAP K-K, et al. FlowVisor:a network virtualization layer, OPENFLOW-TR-2009-1[R/OL].[2015-05-01]. http://archive.openflow.org/downloads/technicalreports/openflow-tr-2009-1-flowvisor.pdf. [25] LEVY J, SAIDI H, URIBE T E. Combining monitors for runtime system verification[J]. Elsevier Science Electronic Notes in Theoretical Computer Science, 2002, 70(4):112-127. |