Trust Anchors in Software Defined Networks

Nicolae Paladi; Linus Karlsson; Khalid Elbashir

doi:10.1007/978-3-319-98989-1_24

Trust Anchors in Software Defined Networks

Nicolae Paladi, Linus Karlsson, Khalid Elbashir

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

260 Downloads (Pure)

Abstract

Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

Original language	English
Title of host publication	23rd European Symposium on Research in Computer Security, ESORICS 2018
Publisher	Springer
Pages	485-505
Number of pages	20
Volume	11099
ISBN (Electronic)	978-3-319-98989-1
ISBN (Print)	978-3-319-98988-4
DOIs	https://doi.org/10.1007/978-3-319-98989-1_24
Publication status	Published - 2018 Aug 7
Event	European Symposium on Research in Computer Security - Barcelona, Spain Duration: 2018 Sept 3 → 2018 Sept 7 Conference number: 23 https://esorics2018.upc.edu/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11009
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	European Symposium on Research in Computer Security
Abbreviated title	ESORICS
Country/Territory	Spain
City	Barcelona
Period	2018/09/03 → 2018/09/07
Internet address	https://esorics2018.upc.edu/

Subject classification (UKÄ)

Communication Systems

Access to Document

10.1007/978-3-319-98989-1_24

trust_anchors_sdnAccepted author manuscript, 364 KB

1 Doctoral Thesis (compilation)

Contributions to Preventive Measures in Cyber Security
Karlsson, L., 2019 Sept 30, Department of Electrical and Information Technology, Lund University. 205 p.
Research output: Thesis › Doctoral Thesis (compilation)

Open Access
File

Cite this

@inproceedings{e557309e0d7a41e9909fc3c56e61a80e,

title = "Trust Anchors in Software Defined Networks",

abstract = "Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.",

author = "Nicolae Paladi and Linus Karlsson and Khalid Elbashir",

year = "2018",

month = aug,

day = "7",

doi = "10.1007/978-3-319-98989-1_24",

language = "English",

isbn = "978-3-319-98988-4",

volume = "11099",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "485--505",

booktitle = "23rd European Symposium on Research in Computer Security, ESORICS 2018",

address = "Germany",

note = "European Symposium on Research in Computer Security, ESORICS ; Conference date: 03-09-2018 Through 07-09-2018",

url = "https://esorics2018.upc.edu/",

}

Paladi, N, Karlsson, L & Elbashir, K 2018, Trust Anchors in Software Defined Networks. in 23rd European Symposium on Research in Computer Security, ESORICS 2018. vol. 11099, Lecture Notes in Computer Science, vol. 11009, Springer, pp. 485-505, European Symposium on Research in Computer Security, Barcelona, Spain, 2018/09/03. https://doi.org/10.1007/978-3-319-98989-1_24

TY - GEN

T1 - Trust Anchors in Software Defined Networks

AU - Paladi, Nicolae

AU - Karlsson, Linus

AU - Elbashir, Khalid

N1 - Conference code: 23

PY - 2018/8/7

Y1 - 2018/8/7

N2 - Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

AB - Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

U2 - 10.1007/978-3-319-98989-1_24

DO - 10.1007/978-3-319-98989-1_24

M3 - Paper in conference proceeding

SN - 978-3-319-98988-4

VL - 11099

T3 - Lecture Notes in Computer Science

SP - 485

EP - 505

BT - 23rd European Symposium on Research in Computer Security, ESORICS 2018

PB - Springer

T2 - European Symposium on Research in Computer Security

Y2 - 3 September 2018 through 7 September 2018

ER -

Trust Anchors in Software Defined Networks

Abstract

Publication series

Conference

Subject classification (UKÄ)

Access to Document

Fingerprint

Research output

Contributions to Preventive Measures in Cyber Security

Cite this