TruSDN: Bootstrapping Trust in Cloud Network Infrastructure
(2016) 12th International Conference, SecureComm 2016 In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 198. p.104-124
- Abstract
- Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/32c637e9-809c-4d42-b65f-7d1b50d52c65
- author
- Paladi, Nicolae LU and Gehrmann, Christian LU
- publishing date
- 2016-10-10
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- Security and Privacy in Communication Networks : 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings
- series title
- Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
- volume
- 198
- pages
- 21 pages
- publisher
- Springer
- conference name
- 12th International Conference, SecureComm 2016
- conference location
- Guangzhou, China
- conference dates
- 2016-10-10 - 2016-10-12
- external identifiers
- scopus:85021707665
- ISSN
- 1867-8211
- 1867-822X
- ISBN
- 978-3-319-59607-5
- 978-3-319-59608-2
- DOI
- 10.1007/978-3-319-59608-2_6
- language
- English
- LU publication?
- no
- id
- 32c637e9-809c-4d42-b65f-7d1b50d52c65
- alternative location
- https://link.springer.com/chapter/10.1007/978-3-319-59608-2_6
- date added to LUP
- 2018-11-21 15:54:25
- date last changed
- 2024-01-30 03:12:34
@inproceedings{32c637e9-809c-4d42-b65f-7d1b50d52c65,
  abstract     = {{Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.}},
  author       = {{Paladi, Nicolae and Gehrmann, Christian}},
  booktitle    = {{Security and Privacy in Communication Networks : 12th International Conference, SecureComm 2016, Guangzhou, China, October 10-12, 2016, Proceedings}},
  isbn         = {{978-3-319-59607-5}},
  issn         = {{1867-8211}},
  language     = {{eng}},
  month        = {{10}},
  pages        = {{104--124}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering}},
  title        = {{TruSDN: Bootstrapping Trust in Cloud Network Infrastructure}},
  url          = {{http://dx.doi.org/10.1007/978-3-319-59608-2_6}},
  doi          = {{10.1007/978-3-319-59608-2_6}},
  volume       = {{198}},
  year         = {{2016}},
}