Trust Anchors in Software Defined Networks

Nicolae Paladi, Linus Karlsson, Khalid Elbashir

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceedingpeer-review

297 Downloads (Pure)


Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.
Original languageEnglish
Title of host publication23rd European Symposium on Research in Computer Security, ESORICS 2018
Number of pages20
ISBN (Electronic)978-3-319-98989-1
ISBN (Print)978-3-319-98988-4
Publication statusPublished - 2018 Aug 7
EventEuropean Symposium on Research in Computer Security - Barcelona, Spain
Duration: 2018 Sept 32018 Sept 7
Conference number: 23

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceEuropean Symposium on Research in Computer Security
Abbreviated titleESORICS
Internet address

Subject classification (UKÄ)

  • Communication Systems


Dive into the research topics of 'Trust Anchors in Software Defined Networks'. Together they form a unique fingerprint.

Cite this