Advanced

Trust Anchors in Software Defined Networks

Paladi, Nicolae LU ; Karlsson, Linus LU and Elbashir, Khalid (2018) European Symposium on Research in Computer Security In Lecture Notes in Computer Science 11009. p.485-505
Abstract
Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in... (More)
Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
host publication
23rd European Symposium on Research in Computer Security, ESORICS 2018
series title
Lecture Notes in Computer Science
volume
11009
pages
20 pages
publisher
Springer Verlag
conference name
European Symposium on Research in Computer Security
conference location
Barcelona, Spain
conference dates
2018-09-03 - 2018-09-07
external identifiers
  • scopus:85051855924
ISSN
1611-3349
0302-9743
ISBN
978-3-319-98988-4
978-3-319-98989-1
DOI
10.1007/978-3-319-98989-1_24
language
English
LU publication?
yes
id
e557309e-0d7a-41e9-909f-c3c56e61a80e
date added to LUP
2018-08-10 16:56:00
date last changed
2019-09-15 05:08:04
@inproceedings{e557309e-0d7a-41e9-909f-c3c56e61a80e,
  abstract     = {Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware components in cloud and mobile network infrastructure. However, such commodity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.},
  author       = {Paladi, Nicolae and Karlsson, Linus and Elbashir, Khalid},
  booktitle    = {Lecture Notes in Computer Science},
  isbn         = {978-3-319-98988-4},
  issn         = {1611-3349},
  language     = {eng},
  location     = {Barcelona, Spain},
  month        = {08},
  pages        = {485--505},
  publisher    = {Springer Verlag},
  title        = {Trust Anchors in Software Defined Networks},
  url          = {http://dx.doi.org/10.1007/978-3-319-98989-1_24},
  volume       = {11009},
  year         = {2018},
}