Component Integrity Guarantees in Software-Defined Networking Infrastructure

Girtler, Daniel and Paladi, Nicolae (2017) Component Integrity Guarantees in Software-Defined Networking Infrastructure. In: Third IEEE International Workshop on Security in NFV-SDN (SN-2017), 6-8 November 2017, Berlin, Germany. (In Press)

PDF - Accepted Version


Operating system level virtualization containers are commonly used to deploy virtual network functions (VNFs) which access the centralized network controller in software-defined networking (SDN) infrastructure. While this allows flexible network configuration, it also increases the attack surface, as sensitive information is transmitted between the controller and the virtual network functions. In this work we propose a mechanism for bootstrapping secure communication between the SDN controller and deployed network applications. The proposed mechanism relies on platform integrity evaluation and execution isolation mechanisms, such as Linux Integrity Measurement Architecture and Intel Software Guard Extensions. To validate the feasibility of the proposed approach, we have implemented a proof of concept which was further tested and evaluated to assess its performance. The prototype can be seen as the first step into providing users with security guarantees regarding the integrity of components in the SDN infrastructure.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: SDN, NFV, SGX, IMA, Docker, security
ID Code: 6206
Deposited By: Nicolae Paladi
Deposited On: 26 Jan 2018 16:22
Last Modified: 26 Jan 2018 16:22
