<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mais</journal-id><journal-title-group><journal-title xml:lang="ru">Моделирование и анализ информационных систем</journal-title><trans-title-group xml:lang="en"><trans-title>Modeling and Analysis of Information Systems</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1818-1015</issn><issn pub-type="epub">2313-5417</issn><publisher><publisher-name>Yaroslavl State University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.18255/1818-1015-2017-6-755-759</article-id><article-id custom-type="elpub" pub-id-type="custom">mais-612</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Оригинальные статьи</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>Articles</subject></subj-group></article-categories><title-group><article-title>Семантические средства обеспечения безопасности в программно-конфигурируемых сетях</article-title><trans-title-group xml:lang="en"><trans-title>Semantic Security Methods for Software-Defined Networks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-1081-1758</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Антошина</surname><given-names>Екатерина Юрьевна</given-names></name><name name-style="western" xml:lang="en"><surname>Antoshina</surname><given-names>Ekaterina Ju.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирант, ассистент</p></bio><bio xml:lang="en"><p>gradeuate student</p></bio><email xlink:type="simple">kantoshina@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-0553-7387</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Чалый</surname><given-names>Дмитрий Юрьевич</given-names></name><name name-style="western" xml:lang="en"><surname>Chalyy</surname><given-names>Dmitry Ju.</given-names></name></name-alternatives><bio xml:lang="ru"><p>канд. физ.-мат. наук, декан факультета информатики и вычислительной техники</p></bio><bio xml:lang="en"><p>PhD</p></bio><email xlink:type="simple">chaly@uniyar.ac.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Ярославский государственный университет им. П.Г. Демидова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>P.G. Demidov Yaroslavl State University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2017</year></pub-date><pub-date pub-type="epub"><day>18</day><month>12</month><year>2017</year></pub-date><volume>24</volume><issue>6</issue><fpage>755</fpage><lpage>759</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Антошина Е.Ю., Чалый Д.Ю., 2017</copyright-statement><copyright-year>2017</copyright-year><copyright-holder xml:lang="ru">Антошина Е.Ю., Чалый Д.Ю.</copyright-holder><copyright-holder xml:lang="en">Antoshina E.J., Chalyy D.J.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.mais-journal.ru/jour/article/view/612">https://www.mais-journal.ru/jour/article/view/612</self-uri><abstract><p>Программно-конфигурируемые сети являются многообещающей технологией построения коммуникационных сетей, в которой управление сетью в отличие от традиционного подхода, основанного на конфигурировании отдельных устройств, представляет собой программу, автоматически задающую конфигурацию сети. Это управляющее программное обеспечение позволяет динамически настраивать маршрутизацию информационных потоков внутри сети в зависимости от требований к качеству обслуживания. Однако при этом возникает задача обеспечения безопасности передачи данных [2,3], например, чтобы потоки от конфиденциальных узлов не могли достигать открытого сегмента сети. В статье показано, как эта задача может быть решена с использованием семантических средств.</p><p> </p></abstract><trans-abstract xml:lang="en"><p>Software-defined networking is a promising technology for constructing communication networks where the network management is the software that configures network devices. This contrasts with the traditional point of view where the network behaviour is updated by manual configuration uploading to devices under control. The software controller allows dynamic routing configuration inside the net depending on the quality of service. However, there must be a proof that ensures that every network flow is secure, for example, we can define security policy as follows: confidential nodes can not send data to the public segment of the network. The paper shows how this problem can be solved by using a semantic security model. We propose a method that allows us to construct semantics that captures necessary security properties the network must follow. This involves the specification that states allowed and forbidden network flows. The specification is then modeled as a decision tree that may be reduced. We use the decision tree for semantic construction that captures security requirements. The semantic can be implemented as a module of the controller software so the correctness of the control plane of the network can be ensured on-the-fly.</p><p> </p></trans-abstract><kwd-group xml:lang="ru"><kwd>безопасность</kwd><kwd>семантика</kwd><kwd>программно-конфигурируемые сети</kwd></kwd-group><kwd-group xml:lang="en"><kwd>security</kwd><kwd>semantics</kwd><kwd>software-defined networks</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Sabelfeld A, Myers A.C., “Language-Based Information-Flow Security”, IEEE Journal on Selected Areas in Communications, 2003, № 21, 5–19.</mixed-citation><mixed-citation xml:lang="en">Sabelfeld A, Myers A.C., “Language-Based Information-Flow Security”, IEEE Journal on Selected Areas in Communications, 2003, № 21, 5–19.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Smeliansky R.L., “SDN for Network Security”, Proc. of Int. Conf. "Modern Networking Technologies (MoNeTec), 2014, 86–95.</mixed-citation><mixed-citation xml:lang="en">Smeliansky R.L., “SDN for Network Security”, Proc. of Int. Conf. "Modern Networking Technologies (MoNeTec), 2014, 86–95.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Casado M., Foster N., Guha A., “Abstractions for Software-Defined Networks”, Communications of the ACM, 57:10 (2014), 86–95.</mixed-citation><mixed-citation xml:lang="en">Casado M., Foster N., Guha A., “Abstractions for Software-Defined Networks”, Communications of the ACM, 57:10 (2014), 86–95.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Foster N., Freedman M.J., Monasanto Ch., Rexford J., Story A., Walker D., “Splendid Isolation: A Slice Abstraction for Software-Defined Networks”, CM Int. Conf. on Functional Programming, 2011, 279—291.</mixed-citation><mixed-citation xml:lang="en">Foster N., Freedman M.J., Monasanto Ch., Rexford J., Story A., Walker D., “Splendid Isolation: A Slice Abstraction for Software-Defined Networks”, CM Int. Conf. on Functional Programming, 2011, 279—291.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">McKeown N., Anderson T., Balakrishnan H., Parulkar G., Kozen D., Peterson L., Rexford J., Shenker S., Turner J., “OpenFlow: Enabling Innovation in Campus Networks”, SIGCOMM Computer Communications Review, 38:2 (2008), 69–74.</mixed-citation><mixed-citation xml:lang="en">McKeown N., Anderson T., Balakrishnan H., Parulkar G., Kozen D., Peterson L., Rexford J., Shenker S., Turner J., “OpenFlow: Enabling Innovation in Campus Networks”, SIGCOMM Computer Communications Review, 38:2 (2008), 69–74.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Antoshina E.Ju., Nikitin E.S., Chalyy D.Ju., Sokolov V.A., “End-to-end Information Flow Security Model for Software-Defined Networks”, Modeling and Analysis of Information Systems, 22:6 (2015), 735–749.</mixed-citation><mixed-citation xml:lang="en">Antoshina E.Ju., Nikitin E.S., Chalyy D.Ju., Sokolov V.A., “End-to-end Information Flow Security Model for Software-Defined Networks”, Modeling and Analysis of Information Systems, 22:6 (2015), 735–749.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
