TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Nicolae Paladi; Christian Gehrmann

doi:10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Nicolae Paladi, Christian Gehrmann

RISE, Swedish Institute of Computer Science (SICS)

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

Abstract

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Original language	English
Title of host publication	Security and Privacy in Communication Networks
Subtitle of host publication	12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings
Publisher	Springer
Pages	104-124
Number of pages	21
ISBN (Electronic)	978-3-319-59608-2
ISBN (Print)	978-3-319-59607-5
DOIs	https://doi.org/10.1007/978-3-319-59608-2_6
Publication status	Published - 2016 Oct 10
Externally published	Yes
Event	12th International Conference, SecureComm 2016 - Guangzhou, China Duration: 2016 Oct 10 → 2016 Oct 12

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Publisher	Springer
Volume	198
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	12th International Conference, SecureComm 2016
Country/Territory	China
City	Guangzhou
Period	2016/10/10 → 2016/10/12

Subject classification (UKÄ)

Communication Systems

Access to Document

10.1007/978-3-319-59608-2_6

https://link.springer.com/chapter/10.1007/978-3-319-59608-2_6

1 Doctoral Thesis (compilation)

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds
Paladi, N., 2017 Sept 4, 1 ed. Lund: The Department of Electrical and Information Technology. 224 p.
Research output: Thesis › Doctoral Thesis (compilation)

Open Access
File

Cite this

Paladi, N., & Gehrmann, C. (2016). TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. In Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings (pp. 104-124). (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; Vol. 198). Springer. https://doi.org/10.1007/978-3-319-59608-2_6

Paladi, Nicolae ; Gehrmann, Christian. / TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer, 2016. pp. 104-124 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ).

@inproceedings{32c637e9809c4d42b65f7d1b50d52c65,

title = "TruSDN: Bootstrapping Trust in Cloud Network Infrastructure",

abstract = "Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.",

author = "Nicolae Paladi and Christian Gehrmann",

year = "2016",

month = oct,

day = "10",

doi = "10.1007/978-3-319-59608-2_6",

language = "English",

isbn = "978-3-319-59607-5",

series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ",

publisher = "Springer",

pages = "104--124",

booktitle = "Security and Privacy in Communication Networks",

address = "Germany",

note = "12th International Conference, SecureComm 2016 ; Conference date: 10-10-2016 Through 12-10-2016",

}

Paladi, N & Gehrmann, C 2016, TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. in Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering , vol. 198, Springer, pp. 104-124, 12th International Conference, SecureComm 2016, Guangzhou, China, 2016/10/10. https://doi.org/10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. / Paladi, Nicolae ; Gehrmann, Christian.

Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer, 2016. p. 104-124 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; Vol. 198).

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

TY - GEN

T1 - TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

AU - Paladi, Nicolae

AU - Gehrmann, Christian

PY - 2016/10/10

Y1 - 2016/10/10

N2 - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

AB - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

U2 - 10.1007/978-3-319-59608-2_6

DO - 10.1007/978-3-319-59608-2_6

M3 - Paper in conference proceeding

SN - 978-3-319-59607-5

T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

SP - 104

EP - 124

BT - Security and Privacy in Communication Networks

PB - Springer

T2 - 12th International Conference, SecureComm 2016

Y2 - 10 October 2016 through 12 October 2016

ER -

Paladi N , Gehrmann C. TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. In Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer. 2016. p. 104-124. (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ). doi: 10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Abstract

Publication series

Conference

Subject classification (UKÄ)

Access to Document

Fingerprint

Research output

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds

Cite this