TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

Paladi, Nicolae; Gehrmann, Christian

doi:10.1007/978-3-319-59608-2_6

Cited by 13 publications

(12 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, all the communication between different elements (i.e. REASSIGNER, C-COMPARATOR and S-COMPARATOR) is assumed to be signed [26]. Thus i) message forging is assumed impossible and ii) message integrity is ensured in the data plane during normal operation.…”

Section: Morph System Modelmentioning

confidence: 99%

MORPH: An Adaptive Framework for Efficient and Byzantine Fault-Tolerant SDN Control Plane

Sakic

Ðerić

Kellerer

2018

IEEE J. Select. Areas Commun.

View full text Add to dashboard Cite

Current approaches to tackling the single point of failure in SDN entail a distributed operation of SDN controller instances. Their state synchronization process is reliant on the assumption of a correct decision-making in the controllers. Successful introduction of SDN in the critical infrastructure networks also requires catering to the issue of unavailable, unreliable (e.g. buggy) and malicious controller failures. We propose MORPH, a framework tolerant to unavailability and Byzantine failures, that distinguishes and localizes faulty controller instances and appropriately reconfigures the control plane. Our controller-switch connection assignment leverages the awareness of the source of failure to optimize the number of active controllers and minimize the controller and switch reconfiguration delays. The proposed re-assignment executes dynamically after each successful failure identification. We require 2FM +FA+1 controllers to tolerate FM malicious and FA availability-induced failures. After a successful detection of FM malicious controllers, MORPH reconfigures the control plane to require a single controller message to forward the system state. Next, we outline and present a solution to the practical correctness issues related to the statefulness of the distributed SDN controller applications, previously ignored in the literature. We base our performance analysis on a resource-aware routing application, deployed in an emulated testbed comprising up to 16 controllers and up to 34 switches, so to tolerate up to 5 unique Byzantine and additional 5 availability-induced controller failures (a total of 10 unique controller failures). We quantify and highlight the dynamic decrease in the packet and CPU load and the response time after each successful failure detection.1) If the PRIMARY controller receives the client request, the task (e.g., path finding) is executed locally. 2) If a SECONDARY controller receives the client request, the request is proxied by the SECONDARY to the PRI-MARY controller, which then proceeds with request handling. If the PRIMARY controller fails, a new PRIMARY that handles the client request, is re-elected [9], [10].However, an occurrence of a Byzantine failure of the PRI-MARY controller (i.e. because of a corrupted [1], manipulated [11], or buggy [12] internal state), may lead to incorrect computation decisions in the controller logic. With Byzantine failures, there is incomplete information on whether the controller has truly failed. Thus, the controller may appear as both failed and correct to the failure-detection systems, presenting different symptoms to different observers (i.e. switches). Additionally, a malicious adversary may interfere with or modify the controller logic for the purpose of taking control of the network or re-routing the network traffic [11].On the other hand, availability-related controller failures lead to the controllers becoming inactive. In contrast to Byzantine failures, such controllers do not actively perform malicious actions nor do they try to hide their...

show abstract

Section: Morph System Modelmentioning

confidence: 99%

MORPH: An Adaptive Framework for Efficient and Byzantine Fault-Tolerant SDN Control Plane

Sakic

Ðerić

Kellerer

2018

IEEE J. Select. Areas Commun.

View full text Add to dashboard Cite

show abstract

“…Initial work for bootstrapping trust in SDN infrastructures using SGX was done in [18], which presents a framework for isolating network endpoints in SGX enclaves attested and verified before establishing secure communication channels. Shih et al [19] proposed to protect sensitive components of intrusion detection systems using Intel SGX.…”

Section: Related Workmentioning

confidence: 99%

Component integrity guarantees in software-defined networking infrastructure

Girtler

Paladi

2017

2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)

Self Cite

View full text Add to dashboard Cite

Abstract-Operating system level virtualization containers are commonly used to deploy virtual network functions (VNFs) which access the centralized network controller in software-defined networking (SDN) infrastructure. While this allows flexible network configuration, it also increases the attack surface, as sensitive information is transmitted between the controller and the virtual network functions. In this work we propose a mechanism for bootstrapping secure communication between the SDN controller and deployed network applications. The proposed mechanism relies on platform integrity evaluation and execution isolation mechanisms, such as Linux Integrity Measurement Architecture and Intel Software Guard Extensions. To validate the feasibility of the proposed approach, we have implemented a proof of concept which was further tested and evaluated to assess its performance. The prototype can be seen as the first step into providing users with security guarantees regarding the integrity of components in the SDN infrastructure.

show abstract

“…However, ensuring and verifying the integrity of VNFs, as well as ensuring the confidentiality of VNF authentication credentials have not been addressed so far. We build upon previous work [7] to provide security guarantees regarding the integrity or VNFs deployed in containers prior to their deployment.…”

Section: Introductionmentioning

confidence: 99%