Research Article
Bootstrapping trust in software defined networks
@ARTICLE{10.4108/eai.7-12-2017.153397, author={Nicolae Paladi and Christian Gehrmann}, title={Bootstrapping trust in software defined networks}, journal={EAI Endorsed Transactions on Security and Safety}, volume={4}, number={11}, publisher={EAI}, journal_a={SESA}, year={2017}, month={12}, keywords={Integrity, Software Defined Networking, Trust, Virtual Switches}, doi={10.4108/eai.7-12-2017.153397} }- Nicolae Paladi
Christian Gehrmann
Year: 2017
Bootstrapping trust in software defined networks
SESA
EAI
DOI: 10.4108/eai.7-12-2017.153397
Abstract
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
Copyright © 2017 Nicolae Paladi and Christian Gerhmann, licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.