TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Nicolae Paladi; Christian Gehrmann

doi:10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Nicolae Paladi, Christian Gehrmann

SICS Swedish ICT

Forskningsoutput: Kapitel i bok/rapport/Conference proceeding › Konferenspaper i proceeding › Peer review

Sammanfattning

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Originalspråk	engelska
Titel på värdpublikation	Security and Privacy in Communication Networks
Undertitel på värdpublikation	12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings
Förlag	Springer
Sidor	104-124
Antal sidor	21
ISBN (elektroniskt)	978-3-319-59608-2
ISBN (tryckt)	978-3-319-59607-5
DOI	https://doi.org/10.1007/978-3-319-59608-2_6
Status	Published - 2016 okt. 10
Externt publicerad	Ja
Evenemang	12th International Conference, SecureComm 2016 - Guangzhou, Kina Varaktighet: 2016 okt. 10 → 2016 okt. 12

Publikationsserier

Namn	Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Förlag	Springer
Volym	198
ISSN (tryckt)	1867-8211
ISSN (elektroniskt)	1867-822X

Konferens

Konferens	12th International Conference, SecureComm 2016
Land/Territorium	Kina
Ort	Guangzhou
Period	2016/10/10 → 2016/10/12

Ämnesklassifikation (UKÄ)

Kommunikationssystem

Tillgång till dokument

10.1007/978-3-319-59608-2_6

https://link.springer.com/chapter/10.1007/978-3-319-59608-2_6

1 Doktorsavhandling (sammanläggning)

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds
Paladi, N., 2017 sep. 4, 1 uppl. Lund: The Department of Electrical and Information Technology. 224 s.
Forskningsoutput: Avhandling › Doktorsavhandling (sammanläggning)

Öppen tillgång
Fil

Citera det här

Paladi, N., & Gehrmann, C. (2016). TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. I Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings (s. 104-124). (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; Vol. 198). Springer. https://doi.org/10.1007/978-3-319-59608-2_6

Paladi, Nicolae ; Gehrmann, Christian. / TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer, 2016. s. 104-124 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ).

@inproceedings{32c637e9809c4d42b65f7d1b50d52c65,

title = "TruSDN: Bootstrapping Trust in Cloud Network Infrastructure",

abstract = "Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.",

author = "Nicolae Paladi and Christian Gehrmann",

year = "2016",

month = oct,

day = "10",

doi = "10.1007/978-3-319-59608-2_6",

language = "English",

isbn = "978-3-319-59607-5",

series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ",

publisher = "Springer",

pages = "104--124",

booktitle = "Security and Privacy in Communication Networks",

address = "Germany",

note = "12th International Conference, SecureComm 2016 ; Conference date: 10-10-2016 Through 12-10-2016",

}

Paladi, N & Gehrmann, C 2016, TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. i Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering , vol. 198, Springer, s. 104-124, 12th International Conference, SecureComm 2016, Guangzhou, Kina, 2016/10/10. https://doi.org/10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. / Paladi, Nicolae ; Gehrmann, Christian.

Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer, 2016. s. 104-124 (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ; Vol. 198).

Forskningsoutput: Kapitel i bok/rapport/Conference proceeding › Konferenspaper i proceeding › Peer review

TY - GEN

T1 - TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

AU - Paladi, Nicolae

AU - Gehrmann, Christian

PY - 2016/10/10

Y1 - 2016/10/10

N2 - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

AB - Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN , a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

U2 - 10.1007/978-3-319-59608-2_6

DO - 10.1007/978-3-319-59608-2_6

M3 - Paper in conference proceeding

SN - 978-3-319-59607-5

T3 - Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

SP - 104

EP - 124

BT - Security and Privacy in Communication Networks

PB - Springer

T2 - 12th International Conference, SecureComm 2016

Y2 - 10 October 2016 through 12 October 2016

ER -

Paladi N , Gehrmann C. TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. I Security and Privacy in Communication Networks: 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings. Springer. 2016. s. 104-124. (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ). doi: 10.1007/978-3-319-59608-2_6

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Sammanfattning

Publikationsserier

Konferens

Ämnesklassifikation (UKÄ)

Tillgång till dokument

Fingeravtryck

Forskningsoutput

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds

Citera det här