Lund University Publications

LUND UNIVERSITY LIBRARIES

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Paladi, Nicolae LU and Gehrmann, Christian LU (2016) 12th International Conference, SecureComm 2016. In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 198. p. 104-124
Abstract
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
type
Chapter in Book/Report/Conference proceeding
publication status
published
host publication
Security and Privacy in Communication Networks : 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings
series title
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
volume
198
pages
21 pages
publisher
Springer
conference name
12th International Conference, SecureComm 2016
conference location
Guangzhou, China
conference dates
2016-10-10 - 2016-10-12
external identifiers
  • scopus:85021707665
ISSN
1867-8211
1867-822X
ISBN
978-3-319-59607-5
978-3-319-59608-2
DOI
10.1007/978-3-319-59608-2_6
language
English
LU publication?
no
id
32c637e9-809c-4d42-b65f-7d1b50d52c65
alternative location
https://link.springer.com/chapter/10.1007/978-3-319-59608-2_6
date added to LUP
2018-11-21 15:54:25
date last changed
2024-01-30 03:12:34
@inproceedings{32c637e9-809c-4d42-b65f-7d1b50d52c65,
  abstract     = {{Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.}},
  author       = {{Paladi, Nicolae and Gehrmann, Christian}},
  booktitle    = {{Security and Privacy in Communication Networks : 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings}},
  isbn         = {{978-3-319-59607-5}},
  issn         = {{1867-8211}},
  language     = {{eng}},
  month        = {{10}},
  pages        = {{104--124}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering}},
  title        = {{TruSDN: Bootstrapping Trust in Cloud Network Infrastructure}},
  url          = {{http://dx.doi.org/10.1007/978-3-319-59608-2_6}},
  doi          = {{10.1007/978-3-319-59608-2_6}},
  volume       = {{198}},
  year         = {{2016}},
}