Component integrity guarantees in software-defined networking infrastructure

Girtler, Daniel; Paladi, Nicolae

doi:10.1109/nfv-sdn.2017.8169858

Cited by 5 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While virtualized network functions offer great advantages in terms of flexibility, they also open up vulnerability to intrusion attacks. To counter this, Girtler and Paladi [38] propose a mechanism that secures communication between the SDN controller and the network applications and thus enables integrity (DR6).…”

Section: Discussionmentioning

confidence: 99%

Towards a Reference Architecture for Future Industrial Internet of Things Networks

Martin

Kühl²,

Schwenk³

2021

2021 IEEE 23rd Conference on Business Informatics (CBI)

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

Towards a Reference Architecture for Future Industrial Internet of Things Networks

Martin

Kühl²,

Schwenk³

2021

2021 IEEE 23rd Conference on Business Informatics (CBI)

View full text Add to dashboard Cite

“…SCONE allows operators to protect the secrecy and integrity of computing in containers against host root access adversaries [21]. An alternative approach to securing virtual network functions running in containers, which prevents the unnecessary expansion of the trusted computing foundation, is proposed in [22]. Event Controller Eviction mitigates DoS attacks and OpenFlow Application overflow [23].…”

Section: Related Workmentioning

confidence: 99%

Secure Software Defined Networks Controller Storage using Intel Software Guard Extensions

Qasmaoui¹,

Maleh²,

Haqiq³

2020

IJACSA

View full text Add to dashboard Cite

The SDN controller is the core of the softwaredefined network (SDN), which provides important network operations that needs to be protected from all type of threats. Many researches have been focusing on different layers of security regarding the SDN controller such as Anti-DDOS system or enforcement of TLS connection between the controller and the Open-vswitches. One of the major security threats targeting any program is the environment execution itself (e.g. Operating system and the hardware itself). Intel's Software Guard Extension (SGX) offers a sloid layer of security applied to applications by creating a Trusted execution environment. SDN controller relay on a storage module to keep sensitive data such as Flow Rules, users' credentials and configuration files. Protecting this side of the SDN controller is a must in term of security. To date, no work has been conducted considering SDN controller storage security using Intel SGX. This paper introduces an SGX enabled SDN controller. The new controller ensures the integrity and the confidentiality in a trusted execution environment by leveraging a recent hardware technology called intel SGX. This technology provides a trusted and secure enclave. Enclaves are sealed and unsealed by intel SGX attestation mechanisms to protect the executed code and data inside live memory and disk from being altered by any unauthorized access. High privileged codes such as the OS itself is kept from altering data inside enclaves. We implemented the Intel SGX using the Floodlight SDN controller running a real enabled Intel SGX hardware. Our evaluation shows that the SGX enabled SDN controller introduces a slightly observable performance overhead to the floodlight controller compared to advantages in term of security.

show abstract

“…SCONE enables operators to protect confidentiality and integrity of computation in containers against adversaries with host root access [16]. An alternative approach to protecting virtual network functions running in containers, that avoids the excessive expansion of the trusted computing base is presented in [17].…”

Section: F Related Workmentioning

confidence: 99%