TruSDN: Bootstrapping trust in cloud network infrastructure
RISE, Swedish ICT, SICS, Security Lab. ORCID iD: 0000-0003-0132-857x
RISE, Swedish ICT, SICS, Security Lab. ORCID iD: 0000-0001-8003-200x
2017 (English). In: Security and Privacy in Communication Networks, 2017, p. 104-124. Conference paper, Published paper (Refereed)
Abstract [en]

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), making it possible to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.

Place, publisher, year, edition, pages
2017. p. 104-124
Series
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), ISSN 1867-8211 ; 198
Keywords [en]
Integrity, Software defined networking, Trust, Virtual switches, Trusted computing, Adversary modeling, Architectural modeling, Commodity operating systems, Network infrastructure, Resource utilizations, Software defined networking (SDN), Network security
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-31100
DOI: 10.1007/978-3-319-59608-2_6
Scopus ID: 2-s2.0-85021707665
ISBN: 978-3-319-59607-5 (print)
ISBN: 978-3-319-59608-2 (electronic)
OAI: oai:DiVA.org:ri-31100
DiVA, id: diva2:1136548
Conference
12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2016), October 10-12, 2016, Guangzhou, China
Projects
5G-ENSURE
Available from: 2017-08-28. Created: 2017-08-28. Last updated: 2020-12-01. Bibliographically approved.

Open Access in DiVA

preprint (825 kB), 194 downloads
File information
File name: FULLTEXT01.pdf
File size: 825 kB
Checksum SHA-512:
00ff7c6ec21adedbeec7db72c9f0cb8db51d6991f48a2170e6642fe234f65c818426bcfe424b264b168d79a1dd6d8c193e5897199da0085fe119788d161671a9
Type: fulltext
Mimetype: application/pdf

Authority records

Paladi, Nicolae; Gehrmann, Christian

Total: 194 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 190 hits