Paladi, Nicolae and Linus, Karlsson (2017) Safeguarding VNF Credentials with Intel SGX. In: SIGCOMM 2017, August 22-24, 2017, Los Angeles, California, USA.
|PDF - Accepted Version|
Official URL: http://dl.acm.org/citation.cfm?id=3132016
Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined networking (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment. To mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely Linux Integrity Measurement Architecture (IMA). This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments.
|Item Type:||Conference or Workshop Item (Poster)|
|Uncontrolled Keywords:||SGX, security, VNF, NFV, SDN|
|Deposited By:||Nicolae Paladi|
|Deposited On:||21 Sep 2017 16:34|
|Last Modified:||21 Sep 2017 16:34|