Bootstrapping trust in software defined networks

Paladi, Nicolae and Gehrmann, Christian (2017) Bootstrapping trust in software defined networks. EAI Endorsed Transactions on Security and Safety, 4 (11). e5. ISSN 2032-9393

Available under License Creative Commons Attribution No Derivatives.



Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), which allows SDN components to be deployed securely and protects communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Item Type: Article
Uncontrolled Keywords: Integrity, Software Defined Networking, Trust, Virtual Switches
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:52
Last Modified: 26 Mar 2021 13:52
