SODA

Safeguarding VNF Credentials with Intel SGX

Paladi, Nicolae and Linus, Karlsson (2017) Safeguarding VNF Credentials with Intel SGX. In: SIGCOMM 2017, August 22-24, 2017, Los Angeles, California, USA.

[img]
Preview
PDF - Accepted Version
362Kb

Official URL: http://dl.acm.org/citation.cfm?id=3132016

Abstract

Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined net- working (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment [8]. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment.o mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely Linux Integrity Measure- ment Architecture (IMA)1. This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments.

Item Type:Conference or Workshop Item (Poster)
Uncontrolled Keywords:SGX, security, VNF, NFV, SDN
ID Code:6162
Deposited By:Nicolae Paladi
Deposited On:21 Sep 2017 16:34
Last Modified:21 Sep 2017 16:34

Repository Staff Only: item control page