Trust Anchors in Software Defined Networks
(2018) European Symposium on Research in Computer Security. In Lecture Notes in Computer Science 11009, p. 485-505
- Abstract
- Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.
Please use this URL to cite or link to this publication:
https://lup.lub.lu.se/record/e557309e-0d7a-41e9-909f-c3c56e61a80e
- author
- Paladi, Nicolae LU ; Karlsson, Linus LU and Elbashir, Khalid
- organization
- publishing date
- 2018-08-07
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- 23rd European Symposium on Research in Computer Security, ESORICS 2018
- series title
- Lecture Notes in Computer Science
- volume
- 11009
- pages
- 20 pages
- publisher
- Springer
- conference name
- European Symposium on Research in Computer Security
- conference location
- Barcelona, Spain
- conference dates
- 2018-09-03 - 2018-09-07
- external identifiers
- scopus:85051855924
- ISSN
- 1611-3349
- 0302-9743
- ISBN
- 978-3-319-98988-4
- 978-3-319-98989-1
- DOI
- 10.1007/978-3-319-98989-1_24
- language
- English
- LU publication?
- yes
- id
- e557309e-0d7a-41e9-909f-c3c56e61a80e
- date added to LUP
- 2018-08-10 16:56:00
- date last changed
- 2024-09-02 23:48:06
@inproceedings{e557309e-0d7a-41e9-909f-c3c56e61a80e,
  abstract  = {{Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.}},
  author    = {{Paladi, Nicolae and Karlsson, Linus and Elbashir, Khalid}},
  booktitle = {{23rd European Symposium on Research in Computer Security, ESORICS 2018}},
  isbn      = {{978-3-319-98988-4}},
  issn      = {{1611-3349}},
  language  = {{eng}},
  month     = {{08}},
  pages     = {{485--505}},
  publisher = {{Springer}},
  series    = {{Lecture Notes in Computer Science}},
  title     = {{Trust Anchors in Software Defined Networks}},
  url       = {{https://lup.lub.lu.se/search/files/49253564/trust_anchors_sdn.pdf}},
  doi       = {{10.1007/978-3-319-98989-1_24}},
  volume    = {{11009}},
  year      = {{2018}},
}