A Dynamic Access Control Method for SDN

Aiming at the problem that the network topology changes frequently in an SDN (Software Defined Network) environment, which makes fine-grained access control difficult to implement, this paper exploits the SDN characteristics of forwarding/control separation and software programmability to extend the ABAC model (Attribute-Based Access Control) with a security level: a security level is defined over the attributes of subject and object, and an access mapping relationship based on mandatory access rules is established. At the same time, taking the secure access path as an SDN access control attribute, a dynamic generation method for the access control path based on the PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of the access data flow. Experiments on a prototype system show that the proposed method meets the fine-grained and dynamic requirements of SDN access control and improves the access security of SDN while preserving access efficiency.

and the access data object may change in real time. At the same time, nodes may join and leave continuously, so the environment is strongly dynamic. An SDN-oriented access control mechanism therefore has to solve dynamic problems such as timely updating of access nodes and active adjustment of access rights [4]. Traditional access control models designed for closed environments, such as DAC (Discretionary Access Control), MAC (Mandatory Access Control) and RBAC (Role-Based Access Control), require a preset correspondence between nodes and privileges [5] [6]. The dynamic nature of SDN access control would require this preset correspondence to be updated frequently, so these models have difficulty meeting the needs of fine-grained control and dynamic adjustment of access privileges in an SDN environment. The attribute-based access control model ABAC [7] does not define the authorization relationship between subject and object directly; it uses the attributes of subject and object as the basis of the authorization decision, which addresses fine-grained access control in complex network information systems and the dynamic change of nodes in large-scale networks. Compared with classical models such as RBAC and Biba, it is better suited to the dynamic and scalable requirements of the SDN environment.
For this reason, this paper integrates the BLP and Biba mandatory access control mechanisms into the attribute-based model ABAC, extending it to E-ABAC with new access control rules; takes the security level of the switching equipment as the SDN environment attribute; designs a secure path planning method based on the PSO algorithm; and makes full use of the SDN flow table update mechanism to ensure data flow security.

E-ABAC Model Based on Security Level
BLP and Biba are traditional mandatory access control models that focus on the protection of confidentiality and integrity respectively, but they are not suited to new network environments. ABAC models are usually used to solve access control problems in scenarios where nodes are dynamic, but they do not take confidentiality and integrity into account. In this scheme, ABAC is combined with the BLP and Biba models, and a security level definition is introduced to extend ABAC so that it meets the access control requirements of a large-scale distributed network environment.

E-ABAC (Extended ABAC) Model
To combine the hierarchical idea of the BLP and Biba models with the flexibility of the ABAC model effectively, this paper gives the following definitions.
Definition 1 (Entity Attribute EA). EA = (id, value, w) is a variable describing a basic characteristic of an entity: the attribute identifier, the attribute value range and the attribute weight. Weights fall into two classes: w(c) is the confidentiality class weight and w(i) is the integrity class weight.
Definition 2 (E-ABAC Model). E-ABAC = {SA, OA, EA, PU}, denoting the subject attribute set, the object attribute set, the environment attribute set and the access priority set respectively.
Definition 3 (Attribute Range V). V denotes the range of values of a specific attribute a; its concrete values are quantified as a value set Φ. If there are x kinds of attributes in all, the attribute set is . Each attribute has its own value space; assuming the value range of attribute a1 is defined as , the global attribute value range is defined as . For example, if the value range of attribute a1 is (1, 10], the convention is that the higher the security level, the closer the value of a1 lies to the maximum 10. In practice the ranges can be defined as needed, provided the attribute values remain computable.
Definition 4 (Security Value). For an entity e, its security value is:
The operator in the formula denotes the aggregation mode; in the simplest case the confidentiality and integrity values are computed by adding the weighted attribute values. When a subject accesses an object, the security levels of subject and object must correspond.

New Access Control Rules
Definition 5 (Operation Behavior A). S is the subject set, O is the object set, and A = {action | r, e, w, x} is the set of operation behaviors, where r means read only (no write), e means write only (no read), w means both read and write, and x means execute.
Definition 6 (Invoke). Invoke indicates that a subject s calls an object o in some way y; i(s: a1, ..., an) is the collection of all the ways of calling object o, i.e.
Under the BLP and Biba mandatory access control rules, a subject can both read and write an object only when the security level of the subject is exactly the same as that of the object. In E-ABAC, however, the security level of subject and object is a relatively precise numeric value, a refined representation of their security. If BLP and Biba were applied directly, the set of objects that a given subject could both read and write would shrink to almost nothing: apart from objects created by the subject itself, hardly any object would have exactly the same security value as the subject. This paper therefore presents an access control rule that integrates the BLP confidentiality model with the Biba integrity model.
Based on the security value range, the security level domain of a subject can be defined, where $C_{s+}$ is the upper limit and $C_{s-}$ the lower limit of the confidentiality value of the access subject; similarly, $I_{c+}$ and $I_{c-}$ are the upper and lower limits of the integrity value of the subject, and $C_o$ and $I_o$ are the current confidentiality and integrity values of the access object.
Inference 1 (E-ABAC Confidentiality). When the upper limit of the subject's confidentiality range is greater than the object's confidentiality value, the subject may read the object; when the lower limit of the subject's confidentiality range is less than the object's confidentiality value, the subject may write to the object (no read up, no write down, as in BLP).
Inference 2 (E-ABAC Integrity). When the upper limit of the subject's integrity range is not less than the object's integrity value, the subject may write to the object; when the lower limit of the subject's integrity range is not more than the object's integrity value, the subject may read the object (no write up, no read down, as in Biba).
From Inferences 1 and 2 the E-ABAC access control rules are obtained:
Note that when a write operation occurs, if the subject's confidentiality value is higher than the object's, the object's confidentiality value is raised; if it is lower, the object's confidentiality value is unchanged. If the subject's integrity value is higher than the object's, the object's integrity value is unchanged; if it is lower, the object's integrity value is lowered. The E-ABAC architecture based on this model is illustrated in Figure 1.
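The security value of Definition 4 and the read/write rules of Inferences 1 and 2, together with the post-write level update, as an added worked example in Python; this is not code from the paper or its prototype. Assumptions made here: the security value is the additive mode (weighted sum of quantified attribute values); the subject's confidentiality and integrity domains are supplied by the attribute authority as explicit lower/upper limits; the read comparison is taken as non-strict (greater than or equal) to match the integrity rule; and the post-write update raises the object's confidentiality to the subject's value and lowers its integrity to the subject's value, where the paper only says "increased" and "reduced". The host attributes at the bottom are constructed sample data.

```python
"""Added illustration of E-ABAC security values and access rules (not the paper's code)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class EntityAttribute:
    """Definition 1: EA(id, value, w). value is already quantified inside the
    attribute's range (higher = more secure); w_c / w_i are the w(c) / w(i) weights."""
    id: str
    value: float
    w_c: float
    w_i: float


def security_value(attrs: List[EntityAttribute]) -> Tuple[float, float]:
    """Security value (c, i) of an entity in the additive mode: each class value
    is the weighted sum of the attribute values (assumed form of formula (1))."""
    c = sum(a.value * a.w_c for a in attrs)
    i = sum(a.value * a.w_i for a in attrs)
    return c, i


@dataclass
class Subject:
    c: float      # current confidentiality value of the subject
    i: float      # current integrity value of the subject
    c_lo: float   # C_s-  lower limit of the subject's confidentiality domain
    c_hi: float   # C_s+  upper limit of the subject's confidentiality domain
    i_lo: float   # lower limit of the subject's integrity domain
    i_hi: float   # upper limit of the subject's integrity domain (assumed: set by the AA)


@dataclass
class Obj:
    c: float      # C_o, current confidentiality value of the object
    i: float      # I_o, current integrity value of the object


def can_read(s: Subject, o: Obj) -> bool:
    """Inference 1 (BLP: no read up) and Inference 2 (Biba: no read down)."""
    return s.c_hi >= o.c and s.i_lo <= o.i


def can_write(s: Subject, o: Obj) -> bool:
    """Inference 1 (BLP: no write down) and Inference 2 (Biba: no write up)."""
    return s.c_lo <= o.c and s.i_hi >= o.i


def permitted_action(s: Subject, o: Obj) -> str:
    """Map the decision onto Definition 5: 'w' read and write, 'r' read only,
    'e' write only, '' no access. 'x' (execute) is not covered by the inferences."""
    r, w = can_read(s, o), can_write(s, o)
    if r and w:
        return "w"
    if r:
        return "r"
    if w:
        return "e"
    return ""


def apply_write(s: Subject, o: Obj) -> Obj:
    """Perform a write and apply the post-write update: the object's confidentiality
    floats up to the subject's value (never down) and its integrity floats down to
    the subject's value (never up). Denied writes raise instead of silently passing."""
    if not can_write(s, o):
        raise PermissionError("write denied by E-ABAC rules")
    return Obj(c=max(o.c, s.c), i=min(o.i, s.i))


# Constructed sample attributes for one host; the values and weights are illustrative.
HOST_A1 = [
    EntityAttribute("OS", 8, w_c=0.5, w_i=0.3),
    EntityAttribute("FW", 6, w_c=0.3, w_i=0.5),
    EntityAttribute("pwd", 7, w_c=0.2, w_i=0.2),
]

if __name__ == "__main__":
    c, i = security_value(HOST_A1)
    subj = Subject(c=c, i=i, c_lo=4, c_hi=8, i_lo=3, i_hi=7)
    for name, obj in {"web": Obj(7, 4), "db": Obj(9, 4), "log": Obj(2, 5)}.items():
        print(name, permitted_action(subj, obj) or "denied")
```

With the sample subject above, an object at (7, 4) is readable and writable, an object at (9, 4) is write-only (it sits above the subject's confidentiality ceiling), and an object at (2, 5) is read-only (writing would leak down below the subject's confidentiality floor); a write to an object at (5, 7) lifts its confidentiality to the subject's value and drags its integrity down to the subject's value, which is the high-water/low-water behaviour the text describes.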
In this architecture, the attribute authority (AA) creates and manages the attributes and initial security values of subjects, objects and the environment. The policy enforcement point (PEP) requests access decisions and enforces them. The policy decision point (PDP) evaluates the applicable security policies and makes the authorization decision.
The security management engine (SM Engine) establishes and stores the mapping values of subject and object attributes. The security value calculation module (SV) computes and manages the security values of subjects and objects and feeds the results, mainly the mapping set of subject and object attributes, back to the PDP.
In SDN, the access subject is usually a user, the object is usually a service resource, the access control decision point is the SDN switch, and the access control policy is generated by the SDN controller. The SDN environment attribute mainly concerns the security of the data flows forwarded between switches; this attribute authority provides decision support for the PDP, and its specific rules during access control enforcement are detailed in the next section.
SDN is characterized by the separation of data forwarding and control, and its flow table mechanism provides the technical means to enforce access control on data forwarding. Once an SDN user has authenticated successfully under the E-ABAC model above, data forwarding is required: the SDN controller generates the corresponding flow table entries from the access policy derived from the security levels of the host and the object and sends them to the corresponding SDN switches, so that all packets from the user are forwarded according to the access rules. Considering the environment attribute constraint of the ABAC model, the forwarding device, the SDN switch, is taken as the environment factor in access control. A path planning method oriented to the secure access relationship between host and object is designed, so that normal host-object traffic meets the security requirements during forwarding and access control remains secure.

Secure Path Planning Algorithms
Classical path planning uses a shortest path algorithm, but in an SDN environment with different security levels, different subnets or application domains have different security levels and their forwarding devices have different sensitivity levels. To ensure that data is not compromised during access, the path must be planned with the security requirement added. To obtain the optimal path across multiple security levels and multiple switching nodes, this paper uses the Particle Swarm Optimization (PSO) [8] algorithm.
Particle Swarm Optimization (PSO) is a modern evolutionary algorithm with a concise form, fast convergence and a flexible parameter adjustment mechanism; it simulates the foraging behavior of a flock of birds in flight and has been applied successfully to path search and optimization problems.
In particle swarm optimization, a massless particle i (i = 1, ..., N) is represented by a position vector and a velocity vector, where N is the number of particles in the population. During evolution the particles update their velocity and position by the following formulas: where t is the iteration number, $w \ge 0$ is the inertia factor and $c_1, c_2 \ge 0$ are the acceleration factors.
Definition of variables
A particle swarm δ is formed by all nodes of the SDN network that need path planning (excluding the source host node and the target host node). δ consists of m particles, corresponding to the switch nodes in the network; the velocity and mass of each particle are defined by its attribute values.
Constraints
The mapping between source and destination, MAP(s, d), represents the security level SLV of an access process. When planning a path, the security level of every switch traversed must not be lower than that of MAP(s, d), that is , and this constraint is used as the inertia parameter w of the particles.

Steps of the Algorithm
The specific steps of the algorithm are as follows:
Step 1 initializes the particle swarm: set the population size N, randomly generate the initial position $x_0$ and velocity $v_0$ of each particle, and set the iteration counter t = 0.
Step 2 uses the tournament selection strategy proposed in [9] to compare each particle's current value with its historical individual best, and selects the global extreme values gBest[1] and gBest[2] of the population by the same method.
Step 3 updates the position and velocity of the particles according to Formula (1).
Step 4: if the termination condition is satisfied, output the last generation of the population as the Pareto optimal solution set; otherwise return to Step 2.
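The planning procedure above and the flow-table installation described in the previous section, as an added worked example in Python; it is not the paper's code and does not reproduce its testbed. It is a simplified single-objective variant: each particle is a priority vector over the switches, a path is decoded greedily from those priorities, the fitness is the hop count, and the MAP(s, d) security-level constraint is applied as a hard filter on the switches a path may traverse rather than being folded into the inertia parameter; the paper's two global bests, tournament selection and Pareto set are not reproduced. The velocity/position update is the standard PSO form with inertia w and acceleration factors c1, c2 (assumed, since Formula (1) is not reproduced on the page). The topology, switch security levels, host names, the priority-based encoding and the abstract "output towards next hop" flow entries are all constructed assumptions.

```python
"""Added illustration of PSO-based secure path planning (not the paper's code or testbed)."""
import random
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed topology: switch -> security level, and undirected links between switches.
LEVELS: Dict[str, int] = {"S1": 3, "S2": 1, "S3": 3, "S4": 2,
                          "S5": 3, "S6": 2, "S7": 3, "S8": 3}
LINKS: List[Tuple[str, str]] = [
    ("S1", "S2"), ("S1", "S3"), ("S2", "S4"), ("S2", "S8"), ("S3", "S4"),
    ("S3", "S5"), ("S4", "S6"), ("S5", "S6"), ("S5", "S7"), ("S6", "S8"), ("S7", "S8"),
]
INFEASIBLE = 10 ** 6  # fitness of a particle whose decoded path cannot reach the destination


def adjacency(links: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    adj: Dict[str, List[str]] = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    return adj


def shortest_path(links, src: str, dst: str) -> Optional[List[str]]:
    """Classical hop-count shortest path (BFS) that ignores security levels."""
    adj, prev, queue = adjacency(links), {src: None}, deque([src])
    while queue and (cur := queue.popleft()) != dst:
        for n in adj.get(cur, []):
            if n not in prev:
                prev[n] = cur
                queue.append(n)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def decode(priority: Dict[str, float], adj, levels, src, dst, required) -> Optional[List[str]]:
    """Priority-based decoding: walk from src, always stepping to the unvisited neighbour
    with the highest priority among those whose level >= required (the MAP(s, d) check)."""
    if levels[src] < required or levels[dst] < required:
        return None
    path, visited = [src], {src}
    while path[-1] != dst:
        cands = [n for n in adj[path[-1]] if n not in visited and levels[n] >= required]
        if not cands:
            return None  # dead end: every remaining neighbour is visited or too low
        nxt = max(cands, key=lambda n: priority[n])
        path.append(nxt)
        visited.add(nxt)
    return path


def plan_secure_path(levels, links, src, dst, required, n_particles=30, iterations=60,
                     w=0.7, c1=1.5, c2=1.5, seed=1) -> Optional[List[str]]:
    """Single-objective PSO over priority vectors; fitness = hop count of the decoded path."""
    rng, nodes, adj = random.Random(seed), sorted(levels), adjacency(links)

    def fitness(x: List[float]) -> Tuple[int, Optional[List[str]]]:
        path = decode(dict(zip(nodes, x)), adj, levels, src, dst, required)
        return (len(path) - 1, path) if path else (INFEASIBLE, None)

    pos = [[rng.random() for _ in nodes] for _ in range(n_particles)]
    vel = [[rng.uniform(-0.1, 0.1) for _ in nodes] for _ in range(n_particles)]
    pbest, pbest_val = [x[:] for x in pos], [fitness(x)[0] for x in pos]
    g = min(range(n_particles), key=lambda k: pbest_val[k])
    gbest, gbest_val = pbest[g][:], pbest_val[g]
    for _ in range(iterations):
        for k in range(n_particles):
            for d in range(len(nodes)):  # standard PSO velocity/position update
                r1, r2 = rng.random(), rng.random()
                vel[k][d] = (w * vel[k][d] + c1 * r1 * (pbest[k][d] - pos[k][d])
                             + c2 * r2 * (gbest[d] - pos[k][d]))
                vel[k][d] = max(-0.5, min(0.5, vel[k][d]))  # velocity clamp
                pos[k][d] += vel[k][d]
            val = fitness(pos[k])[0]
            if val < pbest_val[k]:
                pbest[k], pbest_val[k] = pos[k][:], val
            if val < gbest_val:
                gbest, gbest_val = pos[k][:], val
    return fitness(gbest)[1]


def flow_entries(path: List[str], src_host: str, dst_host: str) -> List[Dict[str, str]]:
    """Per-hop rules the controller would push along the planned path: match the
    host pair, forward towards the next switch; the last switch delivers to the host."""
    entries = []
    for hop, sw in enumerate(path):
        out = path[hop + 1] if hop + 1 < len(path) else dst_host
        entries.append({"switch": sw, "match": f"src={src_host},dst={dst_host}",
                        "action": f"output:to:{out}"})
    return entries


if __name__ == "__main__":
    print("classical :", shortest_path(LINKS, "S1", "S8"))
    secure = plan_secure_path(LEVELS, LINKS, "S1", "S8", required=2)
    print("secure(2) :", secure)
    for e in flow_entries(secure, "h_s", "h_d"):
        print(e)
```

On this topology the classical shortest path S1-S2-S8 crosses S2, whose level (1) is below an access requiring level 2, so the planner must route around it and accepts a four-hop path instead; raising the requirement to 3 leaves exactly one eligible route, and a requirement above the level of the source switch yields no path at all, which the caller should treat as a denial rather than falling back to the insecure route.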

Implementation and Evaluation

Prototype Implementation
Based on the scheme of [4], this paper implements a prototype system and constructs the experimental environment shown in Figure 2.
The authentication server uses FreeRADIUS [10] to realize the SV function, with all authentication and authorization resources stored in a MySQL database; the authenticator uses 802.1X hostapd [11] to realize the PDP. The controller is based on POX [12] and mainly comprises layer-2 forwarding together with the AA and SME modules designed in this paper; it cooperates with the switches using OpenFlow 1.3 and communicates with the authenticator over SSL (Secure Socket Layer). A simulated network of 5 fully connected Open vSwitch switches is built with Mininet [13], communication between
Journal of Computer and Communications

Experiment and Result Analysis
In this section, the security and operational efficiency of the scheme are analyzed and compared through experiments.
Access Control Verification Based on E-ABAC
For host a1, host a2 and host d, the attribute values shown in Table 1 are set according to the application requirements, including OS version (OS), security protection (firewall FW, IPS, etc.) and user password (pwd), together with each attribute's security level value, integrity weight w(i) and confidentiality weight w(c). The weight values are set by the SDN controller according to the AA feedback before access control is enforced and are adjusted dynamically according to the application requirements; after each adjustment the security value is recalculated.
According to formula (1) for the security value of the E-ABAC model, the confidentiality and integrity security value $slv_s(c, i)$ of host a1 is obtained as follows: According to the E-ABAC access rules (2)-(4), the access permissions of host a1 and host a2 to the different services of host d are shown in Table 2. All permitted behaviors follow from access rule (4); for example, only host a1 can read and write the WEB service.
Table 2 shows that the E-ABAC model not only retains attribute-based access but also effectively enforces BLP and Biba mandatory access, so it can meet the application requirements of SDN, whose accessing entities are highly mobile and whose topology updates frequently, and achieve dynamic access control.
Path Planning Efficiency Based on PSO
To verify the efficiency of SDN service access under the E-ABAC model, the service response time is measured for different numbers of concurrent requests (100, 200, 300, 400) and different numbers of attributes (0, 2, 4, 6). The results are shown in Figure 3.
The results show that increasing the number of concurrent requests has little effect on the service response time, because the PSO-based path planning algorithm is efficient: for a small SDN network of five switches it converges quickly to the optimal path. However, once the number of attributes exceeds 4 the response time rises sharply, so when the E-ABAC model is used for access control the number of attributes should be restricted.

Conclusion
Aiming at the difficulty of implementing fine-grained, hierarchical access control in SDN, this paper combines existing mandatory access control mechanisms with an extended ABAC model. On the one hand, the BLP and Biba models are integrated into ABAC so that access decisions are made on security level values, giving flexible and fine-grained access control. On the other hand, SDN switches are treated as environment attributes, and secure path planning based on the PSO algorithm ensures the security of the access flow. Experiments show that the model meets the dynamic access control requirements of SDN with little impact on response time. Future work will run the system on hardware switches and improve the implementation for practical deployment.