Trust Anchors in Software Defined Networks

Research output: Chapter in Book/Report/Conference proceedingPaper in conference proceeding

Abstract

Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

Details

Authors
Organisations
External organisations
  • RISE SICS AB
  • KTH Royal Institute of Technology
Research areas and keywords

Subject classification (UKÄ) – MANDATORY

  • Communication Systems
Original languageEnglish
Title of host publication23rd European Symposium on Research in Computer Security, ESORICS 2018
PublisherSpringer
Pages485-505
Number of pages20
Volume11099
ISBN (Electronic)978-3-319-98989-1
ISBN (Print)978-3-319-98988-4
Publication statusPublished - 2018 Aug 7
Publication categoryResearch
Peer-reviewedYes
EventEuropean Symposium on Research in Computer Security - Barcelona, Spain
Duration: 2018 Sep 32018 Sep 7
Conference number: 23
https://esorics2018.upc.edu/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11009
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceEuropean Symposium on Research in Computer Security
Abbreviated titleESORICS
CountrySpain
CityBarcelona
Period2018/09/032018/09/07
Internet address

Total downloads

No data available

Related research output

Linus Karlsson, 2019 Sep 30, Department of Electrical and Information Technology, Lund University. 205 p.

Research output: ThesisDoctoral Thesis (compilation)

View all (1)