Projects per year
Abstract
OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasised when collocated tenants compete for the limited entries available to install flow rules. OpenFlow flow tables are a security asset that requires confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable to prevent attackers from obtaining information about the installed flows or modifying flow tables. We adopt a novel approach to enabling OpenFlow flow table protection through decomposition. We identify core assets requiring security guarantees, isolate OpenFlow flow tables through decomposition and implement a prototype using Open vSwitch and Software Guard Extensions enclaves. An evaluation of the prototype on a distributed testbed both demonstrates that the approach is practical and indicates directions for further improvements.
Original language | English |
---|---|
Title of host publication | IEEE Conference on Network Function Virtualization and Software Defined Networks |
Subtitle of host publication | (NFV-SDN) |
Publisher | IEEE - Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 978-1-7281-4545-7 |
ISBN (Print) | 978-1-7281-4546-4 |
DOIs | |
Publication status | Published - 2020 Mar 19 |
Event | IEEE Conference on Network Function Virtualization and Software Defined Networks - Dallas, United States Duration: 2019 Nov 12 → 2019 Nov 14 |
Conference
Conference | IEEE Conference on Network Function Virtualization and Software Defined Networks |
---|---|
Country/Territory | United States |
City | Dallas |
Period | 2019/11/12 → 2019/11/14 |
Subject classification (UKÄ)
- Computer Systems
Keywords
- Software Defined Networks
- confidentiality
- Software Guard Extentions
- Integrity
Fingerprint
Dive into the research topics of 'Protecting OpenFlow using Intel SGX'. Together they form a unique fingerprint.Projects
- 1 Finished
-
SMARTY: Säkra mjukvaruuppdateringar för den smarta staden
Hell, M., Magnusson, B., Gehrmann, C., Paladi, N., Karlsson, L., Sönnerup, J., Johnsson, B. A., Hedin, G., Nordahl, M., Pagnin, E., Kundu, R. & Åkesson, A.
Swedish Foundation for Strategic Research, SSF
2018/03/01 → 2023/02/28
Project: Research