SDN-Driven Authentication and Access Control System

摘要

Attempts to secure the enterprise network even when using strong AAA (authentication, authorization and accounting) schemes meet the user box spoofing and security middle boxes (firewalls and other filtering tools) bypassing problems. To strengthen the network security level, the names (users, addresses) and user machines must be bound tightly to the unambiguously defined network appliances and its ports. Using traditional network architecture these solutions are difficult to realize. The SDN framework allows to solve these problems more sharply and securely. The AAA design based on the Software Defined Networks (SDN) structure is presented in this paper. It is shown that it is possible to reuse the preexisting authentication and account infrastructure as well as part of network hardware and warrant the tight binding of user/device to the topology.