Trust Anchors in Software Defined Networks

Paladi, Nicolae; Karlsson, Linus; Elbashir, Khalid

Trust Anchors in Software Defined Networks

Mark

Paladi, Nicolae ^LU

; Karlsson, Linus ^LU

and Elbashir, Khalid (2018) European Symposium on Research in Computer Security In Lecture Notes in Computer Science 11009. p.485-505

Abstract: Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in... (More); Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage. (Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/e557309e-0d7a-41e9-909f-c3c56e61a80e

author

Paladi, Nicolae ^LU

; Karlsson, Linus ^LU

and Elbashir, Khalid

organization

publishing date

2018-08-07

type

Chapter in Book/Report/Conference proceeding

publication status

published

subject

Communication Systems

host publication

23rd European Symposium on Research in Computer Security, ESORICS 2018

series title

Lecture Notes in Computer Science

volume

11009

pages

20 pages

publisher

Springer

conference name

European Symposium on Research in Computer Security

conference location

Barcelona, Spain

conference dates

2018-09-03 - 2018-09-07

external identifiers

scopus:85051855924

ISSN

0302-9743

1611-3349

ISBN

978-3-319-98988-4

978-3-319-98989-1

DOI

10.1007/978-3-319-98989-1_24

language

English

LU publication?

yes

id

e557309e-0d7a-41e9-909f-c3c56e61a80e

date added to LUP

2018-08-10 16:56:00

date last changed

2024-05-13 13:16:07

@inproceedings{e557309e-0d7a-41e9-909f-c3c56e61a80e,
  abstract     = {{Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.}},
  author       = {{Paladi, Nicolae and Karlsson, Linus and Elbashir, Khalid}},
  booktitle    = {{23rd European Symposium on Research in Computer Security, ESORICS 2018}},
  isbn         = {{978-3-319-98988-4}},
  issn         = {{0302-9743}},
  language     = {{eng}},
  month        = {{08}},
  pages        = {{485--505}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes in Computer Science}},
  title        = {{Trust Anchors in Software Defined Networks}},
  url          = {{https://lup.lub.lu.se/search/files/49253564/trust_anchors_sdn.pdf}},
  doi          = {{10.1007/978-3-319-98989-1_24}},
  volume       = {{11009}},
  year         = {{2018}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

Trust Anchors in Software Defined Networks