Protecting OpenFlow using Intel SGX

Cited by: 0
Authors
Medina, Jorge [1]
Paladi, Nicolae [2, 3]
Arlos, Patrik [4]
Affiliations
[1] New Jersey Inst Technol, Dept Elect & Comp Engn, Newark, NJ 07102 USA
[2] Lund Univ, Lund, Sweden
[3] RISE Res Inst Sweden, Stockholm, Sweden
[4] Blekinge Inst Technol, Dept Comp Sci, Karlskrona, Sweden
Keywords
Software Defined Networks; Software Guard Extensions; integrity; confidentiality
DOI
10.1109/nfv-sdn47374.2019.9039980
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasized when collocated tenants compete for the limited entries available to install flow rules. OpenFlow flow tables are a security asset that requires confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable of preventing attackers from obtaining information about the installed flows or modifying flow tables. We adopt a novel approach to enabling OpenFlow flow table protection through decomposition. We identify core assets requiring security guarantees, isolate OpenFlow flow tables through decomposition and implement a prototype using Open vSwitch and Software Guard Extensions enclaves. An evaluation of the prototype on a distributed testbed both demonstrates that the approach is practical and indicates directions for further improvements.
Pages: 6
Related papers
50 in total
  • [1] Protecting OpenFlow Flow Tables with Intel SGX
    Paladi, Nicolae
    Svenningsson, Jakob
    Medina, Jorge
    Arlos, Patrik
    [J]. PROCEEDINGS OF THE 2019 ACM SIGCOMM CONFERENCE POSTERS AND DEMOS (SIGCOMM '19), 2019, : 146 - 147
  • [2] UniGuard: Protecting Unikernels using Intel SGX
    Sfyrakis, Ioannis
    Gross, Thomas
    [J]. 2018 IEEE INTERNATIONAL CONFERENCE ON CLOUD ENGINEERING (IC2E 2018), 2018, : 99 - 105
  • [3] CryptSQLite: Protecting Data Confidentiality of SQLite with Intel SGX
    Wang, Yongzhi
    Liu, Lingtong
    Su, Cuicui
    Ma, Jiawen
    Wang, Lei
    Yang, Yibo
    Shen, Yulong
    Li, Guangxia
    Zhang, Tao
    Dong, Xuewen
    [J]. 2017 INTERNATIONAL CONFERENCE ON NETWORKING AND NETWORK APPLICATIONS (NANA), 2017, : 303 - 308
  • [4] CFHider: Protecting Control Flow Confidentiality With Intel SGX
    Wang, Yongzhi
    Zou, Yu
    Shen, Yulong
    Liu, Yao
    [J]. IEEE TRANSACTIONS ON COMPUTERS, 2022, 71 (09) : 2128 - 2141
  • [5] SGXPy: Protecting Integrity of Python Applications with Intel SGX
    Zhang, Denghui
    Wang, Guosai
    Xu, Wei
    Gao, Kevin
    [J]. 2019 26TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC), 2019, : 418 - 425
  • [6] SecureKeeper: Confidential ZooKeeper using Intel SGX
    Brenner, Stefan
    Wulf, Colin
    Goltzsche, David
    Weichbrodt, Nico
    Lorenz, Matthias
    Fetzer, Christof
    Pietzuch, Peter
    Kapitza, Rudiger
    [J]. MIDDLEWARE '16: PROCEEDINGS OF THE 17TH INTERNATIONAL MIDDLEWARE CONFERENCE, 2016,
  • [7] Hardening Application Security using Intel SGX
    Plauth, Max
    Teschke, Fredrik
    Richter, Daniel
    Polze, Andreas
    [J]. 2018 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS 2018), 2018, : 375 - 380
  • [8] Verifiable Functional Encryption Using Intel SGX
    Suzuki, Tatsuya
    Emura, Keita
    Ohigashi, Toshihiro
    Omote, Kazumasa
    [J]. PROVABLE AND PRACTICAL SECURITY, PROVSEC 2021, 2021, 13059 : 215 - 240
  • [9] IRON: Functional Encryption using Intel SGX
    Fisch, Ben
    Vinayagamurthy, Dhinakaran
    Boneh, Dan
    Gorbunov, Sergey
    [J]. CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, : 765 - 782
  • [10] Private Function Evaluation Using Intel's SGX
    Selo, Omar Abou
    Rachid, Maan Haj
    Shikfa, Abdullatif
    Wang, Yongge
    Malluhi, Qutaibah
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2020, 2020