Bootstrapping trust in software defined networks

Research output: Contribution to journal, Article, peer-review

Abstract

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), which allows SDN components to be deployed securely and protects communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
Original language: English
Journal: EAI Endorsed Transactions on Security and Safety
Volume: 4
Issue number: 1
Publication status: Published - 2017

Subject classification (UKÄ)

  • Other Computer and Information Science
