Bootstrapping trust in software defined networks

Nicolae Paladi; Christian Gehrmann

doi:10.4108/eai.7-12-2017.153397

Bootstrapping trust in software defined networks

Nicolae Paladi, Christian Gehrmann

RISE SICS AB

Research output: Contribution to journal › Article › peer-review

Abstract

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Original language	English
Journal	EAI Endorsed Transactions on Security and Safety
Volume	4
Issue number	1
DOIs	https://doi.org/10.4108/eai.7-12-2017.153397
Publication status	Published - 2017

Subject classification (UKÄ)

Other Computer and Information Science

Access to Document

10.4108/eai.7-12-2017.153397Licence: CC BY

Cite this

@article{d02b795b42a945b6b4fda0d7a8da6e82,

title = "Bootstrapping trust in software defined networks",

abstract = "Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.",

author = "Nicolae Paladi and Christian Gehrmann",

year = "2017",

doi = "10.4108/eai.7-12-2017.153397",

language = "English",

volume = "4",

journal = "EAI Endorsed Transactions on Security and Safety ",

issn = "2032-9393",

number = "1",

}

TY - JOUR

T1 - Bootstrapping trust in software defined networks

AU - Paladi, Nicolae

AU - Gehrmann, Christian

PY - 2017

Y1 - 2017

N2 - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

AB - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

U2 - 10.4108/eai.7-12-2017.153397

DO - 10.4108/eai.7-12-2017.153397

M3 - Article

SN - 2032-9393

VL - 4

JO - EAI Endorsed Transactions on Security and Safety

JF - EAI Endorsed Transactions on Security and Safety

IS - 1

ER -

Bootstrapping trust in software defined networks

Abstract

Subject classification (UKÄ)

Access to Document

Fingerprint

Cite this