Component integrity guarantees in software-defined networking infrastructure
2017 (English). In: 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2017, Institute of Electrical and Electronics Engineers Inc., 2017, p. 292-296. Conference paper, Published paper (Refereed)
Abstract [en]
Operating system level virtualization containers are commonly used to deploy virtual network functions (VNFs) which access the centralized network controller in software-defined networking (SDN) infrastructure. While this allows flexible network configuration, it also increases the attack surface, as sensitive information is transmitted between the controller and the virtual network functions. In this work we propose a mechanism for bootstrapping secure communication between the SDN controller and deployed network applications. The proposed mechanism relies on platform integrity evaluation and execution isolation mechanisms, such as Linux Integrity Measurement Architecture and Intel Software Guard Extensions. To validate the feasibility of the proposed approach, we have implemented a proof of concept which was further tested and evaluated to assess its performance. The prototype can be seen as the first step toward providing users with security guarantees regarding the integrity of components in the SDN infrastructure.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2017. p. 292-296
Keywords [en]
Docker, IMA, NFV, SDN, Security, SGX, Computer operating systems, Controllers, Network security, Software defined networking, Transfer functions, Virtual reality, Virtualization, Centralized networks, Integrity measurement, Network applications, Platform integrity, Sensitive informations, Software defined networking (SDN), Network function virtualization
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:ri:diva-38634
DOI: 10.1109/NFV-SDN.2017.8169858
Scopus ID: 2-s2.0-85043275103
ISBN: 9781538632857 (print)
OAI: oai:DiVA.org:ri-38634
DiVA, id: diva2:1314773
Conference
2017 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2017, 6 November 2017 through 8 November 2017
2019-05-09 2019-05-09 2019-05-09 Bibliographically approved