TruSDN: Bootstrapping Trust in Cloud Network Infrastructure
Nicolae Paladi, Christian Gehrmann

TL;DR
TruSDN is a framework for bootstrapping trust in cloud SDN infrastructure: it uses Intel SGX to deploy SDN components securely and to protect communication between network endpoints, introduces ephemeral flow-specific pre-shared keys, and proposes a defense against cuckoo attacks on SGX enclaves, all with minor performance overhead.
Contribution
It introduces a trust bootstrapping framework for SDN built on SGX, including ephemeral flow-specific pre-shared keys and a novel defense against cuckoo attacks on SGX enclaves, and argues that the framework remains secure under a powerful adversary model.
Findings
Secure deployment of SDN components using SGX
Introduction of ephemeral flow-specific pre-shared keys
Effective defense against cuckoo attacks with minor performance overhead
Abstract
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing SDN components to be securely deployed and communication between network endpoints to be protected. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
Taxonomy
Topics: Security and Verification in Computing · Software-Defined Networks and 5G · Advanced Malware Detection Techniques
