
Bootstrapping trust in software defined networks

Paladi, Nicolae and Gehrmann, Christian (2017). In EAI Endorsed Transactions on Security and Safety 4(1).
Abstract
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
type: Contribution to journal
publication status: published
in: EAI Endorsed Transactions on Security and Safety
volume: 4
issue: 1
ISSN: 2032-9393
DOI: 10.4108/eai.7-12-2017.153397
language: English
LU publication?: yes
id: d02b795b-42a9-45b6-b4fd-a0d7a8da6e82
date added to LUP: 2018-11-21 17:11:28
date last changed: 2019-04-30 16:15:41
@article{d02b795b-42a9-45b6-b4fd-a0d7a8da6e82,
  abstract     = {Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific preshared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.},
  author       = {Paladi, Nicolae and Gehrmann, Christian},
  issn         = {2032-9393},
  language     = {eng},
  number       = {1},
  series       = {EAI Endorsed Transactions on Security and Safety},
  title        = {Bootstrapping trust in software defined networks},
  url          = {http://dx.doi.org/10.4108/eai.7-12-2017.153397},
  volume       = {4},
  year         = {2017},
}