TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Paladi, Nicolae and Gehrmann, Christian (2016) TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. In: 12th EAI International Conference on Security and Privacy in Communication Networks, October 10–12, 2016, Guangzhou, People's Republic of China. (In Press)

PDF (Preprint) - Accepted Version


Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), which allows SDN components to be deployed securely and communication between network endpoints to be protected. We introduce ephemeral flow-specific pre-shared keys and propose a novel defence against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Software Defined Networking, trust, integrity, virtual switches
ID Code: 6037
Deposited By: Nicolae Paladi
Deposited On: 11 Aug 2016 09:31
Last Modified: 11 Aug 2016 09:31
