
Student: 李品萱 (Pin-Hsuan Lee)
Thesis title: Implemented Zero Trust Network on P4 with QoS (Chinese title: 基於 P4 的零信任網路與 QoS 的應用)
Advisor: 沈上翔 (Shan-Hsiang Shen)
Oral examination committee: 沈中安, 黃琴雅
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science and Information Engineering
Publication year: 2024
Academic year of graduation: 112 (ROC calendar)
Language: Chinese
Pages: 23
Chinese keywords (translated): P4, HTTP, zero trust network, quality of service
Foreign-language keywords: P4, HTTP, Zero Trust Architecture, QoS
Access count: 202 views, 0 downloads

Abstract (Chinese, translated): HTTP attacks are application-layer denial-of-service attacks against web servers. Their goal is to exhaust the resources of the target system or server so that the service is temporarily interrupted or stopped, and the overloaded server suffers website availability problems; common HTTP attack techniques include HTTP flood attacks and Slow HTTP attacks. To address this problem, this thesis proposes an authorization mechanism and a QoS mechanism based on a zero trust network. It uses the programmability of the P4 data plane to parse HTTP requests and uses the extracted HTTP information as the verification policy of the authorization mechanism to identify malicious traffic, providing more precise authorization. In addition, our QoS mechanism implements traffic control by configuring multiple queues on the switch, giving clients different bandwidth guarantees and achieving HTTP permission management. Simulation results show that our method effectively protects clients with different network activities and guarantees the network service quality of clients with different priorities.


Abstract (English): HTTP attacks are application-layer denial-of-service attacks on web servers, with the goal of exhausting the target system or server's resources. As a result, the service is temporarily interrupted or out of service. Common HTTP attack techniques include HTTP flooding attacks, Slow HTTP attacks, etc. Regarding this issue, we propose an authorization and QoS mechanism based on zero trust architecture. It utilizes the programmability of the P4 data plane to parse HTTP requests and uses the extracted HTTP information as the verification policy of the authorization mechanism to identify illegal traffic and provide more accurate authorization. In addition, our QoS mechanism can set up multiple queues through the switch to achieve flow control, provide different bandwidth guarantees for clients, and achieve HTTP permission management. Experimental results show that our method effectively protects clients with different network activities and ensures the network service quality of clients with different priorities.

Table of contents:
Abstract in Chinese
Abstract in English
Acknowledgements
Contents
List of Figures
List of Tables
1 Introduction
2 Related Work
2.1 Zero Trust Network
2.2 P4 and QoS
2.3 HTTP Attacks
3 Method
3.1 Policy and Authorization Mechanism
3.2 QoS Mechanism
3.3 Implementation
3.3.1 Parsing the HTTP Method
3.3.2 Authorization
4 Evaluation
4.1 Scenario 1. Authorization Mechanism
4.2 Scenario 2. QoS Mechanism
5 Conclusions
References


Full-text release date: 2027/07/15 (campus network)
Full-text release date: 2027/07/15 (off-campus network)
Full-text release date: 2027/07/15 (National Central Library: Taiwan thesis and dissertation system)