Trust Anchors in Software Defined Networks

Nicolae Paladi; Linus Karlsson; Khalid Elbashir

doi:10.1007/978-3-319-98989-1_24

Trust Anchors in Software Defined Networks

Nicolae Paladi, Linus Karlsson, Khalid Elbashir

Forskningsoutput: Kapitel i bok/rapport/Conference proceeding › Konferenspaper i proceeding › Peer review

265 Nedladdningar (Pure)

Sammanfattning

Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

Originalspråk	engelska
Titel på värdpublikation	23rd European Symposium on Research in Computer Security, ESORICS 2018
Förlag	Springer
Sidor	485-505
Antal sidor	20
Volym	11099
ISBN (elektroniskt)	978-3-319-98989-1
ISBN (tryckt)	978-3-319-98988-4
DOI	https://doi.org/10.1007/978-3-319-98989-1_24
Status	Published - 2018 aug. 7
Evenemang	European Symposium on Research in Computer Security - Barcelona, Spanien Varaktighet: 2018 sep. 3 → 2018 sep. 7 Konferensnummer: 23 https://esorics2018.upc.edu/

Publikationsserier

Namn	Lecture Notes in Computer Science
Förlag	Springer
Volym	11009
ISSN (tryckt)	0302-9743
ISSN (elektroniskt)	1611-3349

Konferens

Konferens	European Symposium on Research in Computer Security
Förkortad titel	ESORICS
Land/Territorium	Spanien
Ort	Barcelona
Period	2018/09/03 → 2018/09/07
Internetadress	https://esorics2018.upc.edu/

Ämnesklassifikation (UKÄ)

Kommunikationssystem

Tillgång till dokument

10.1007/978-3-319-98989-1_24

trust_anchors_sdnAccepterat manuskript från författare, 364 KB

1 Doktorsavhandling (sammanläggning)

Contributions to Preventive Measures in Cyber Security
Karlsson, L., 2019 sep. 30, Department of Electrical and Information Technology, Lund University. 205 s.
Forskningsoutput: Avhandling › Doktorsavhandling (sammanläggning)

Öppen tillgång
Fil

Citera det här

@inproceedings{e557309e0d7a41e9909fc3c56e61a80e,

title = "Trust Anchors in Software Defined Networks",

abstract = "Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.",

author = "Nicolae Paladi and Linus Karlsson and Khalid Elbashir",

year = "2018",

month = aug,

day = "7",

doi = "10.1007/978-3-319-98989-1_24",

language = "English",

isbn = "978-3-319-98988-4",

volume = "11099",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "485--505",

booktitle = "23rd European Symposium on Research in Computer Security, ESORICS 2018",

address = "Germany",

note = "European Symposium on Research in Computer Security, ESORICS ; Conference date: 03-09-2018 Through 07-09-2018",

url = "https://esorics2018.upc.edu/",

}

Paladi, N, Karlsson, L & Elbashir, K 2018, Trust Anchors in Software Defined Networks. i 23rd European Symposium on Research in Computer Security, ESORICS 2018. vol. 11099, Lecture Notes in Computer Science, vol. 11009, Springer, s. 485-505, European Symposium on Research in Computer Security, Barcelona, Spanien, 2018/09/03. https://doi.org/10.1007/978-3-319-98989-1_24

TY - GEN

T1 - Trust Anchors in Software Defined Networks

AU - Paladi, Nicolae

AU - Karlsson, Linus

AU - Elbashir, Khalid

N1 - Conference code: 23

PY - 2018/8/7

Y1 - 2018/8/7

N2 - Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

AB - Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

U2 - 10.1007/978-3-319-98989-1_24

DO - 10.1007/978-3-319-98989-1_24

M3 - Paper in conference proceeding

SN - 978-3-319-98988-4

VL - 11099

T3 - Lecture Notes in Computer Science

SP - 485

EP - 505

BT - 23rd European Symposium on Research in Computer Security, ESORICS 2018

PB - Springer

T2 - European Symposium on Research in Computer Security

Y2 - 3 September 2018 through 7 September 2018

ER -

Trust Anchors in Software Defined Networks

Sammanfattning

Publikationsserier

Konferens

Ämnesklassifikation (UKÄ)

Tillgång till dokument

Fingeravtryck

Forskningsoutput

Contributions to Preventive Measures in Cyber Security

Citera det här