Distributed Shadow Controllers based Moving Target Defense Framework for Control Plane Security

Hyder, Muhammad Faraz; Ismail, Muhammad Ali

doi:10.14569/ijacsa.2019.0101221

Cited by 2 publications

(1 citation statement)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software-Defined Network is a new paradigm of network architecture that aims to design a data plane that is fully programmable and separated from the control plane [1]. The Control Plane manages decisions about how and where to transmit network traffic through system configuration, management and exchange of routing table information.…”

Section: Introductionmentioning

confidence: 99%

Secure Software Defined Networks Controller Storage using Intel Software Guard Extensions

Qasmaoui¹,

Maleh²,

Haqiq³

2020

IJACSA

View full text Add to dashboard Cite

The SDN controller is the core of the softwaredefined network (SDN), which provides important network operations that needs to be protected from all type of threats. Many researches have been focusing on different layers of security regarding the SDN controller such as Anti-DDOS system or enforcement of TLS connection between the controller and the Open-vswitches. One of the major security threats targeting any program is the environment execution itself (e.g. Operating system and the hardware itself). Intel's Software Guard Extension (SGX) offers a sloid layer of security applied to applications by creating a Trusted execution environment. SDN controller relay on a storage module to keep sensitive data such as Flow Rules, users' credentials and configuration files. Protecting this side of the SDN controller is a must in term of security. To date, no work has been conducted considering SDN controller storage security using Intel SGX. This paper introduces an SGX enabled SDN controller. The new controller ensures the integrity and the confidentiality in a trusted execution environment by leveraging a recent hardware technology called intel SGX. This technology provides a trusted and secure enclave. Enclaves are sealed and unsealed by intel SGX attestation mechanisms to protect the executed code and data inside live memory and disk from being altered by any unauthorized access. High privileged codes such as the OS itself is kept from altering data inside enclaves. We implemented the Intel SGX using the Floodlight SDN controller running a real enabled Intel SGX hardware. Our evaluation shows that the SGX enabled SDN controller introduces a slightly observable performance overhead to the floodlight controller compared to advantages in term of security.

show abstract

Section: Introductionmentioning

confidence: 99%