Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Safeguarding VNF Credentials with Intel SGX
RISE, Swedish ICT, SICS, Security Lab.ORCID iD: 0000-0003-0132-857x
RISE - Research Institutes of Sweden, ICT, SICS.ORCID iD: 0000-0002-6332-5078
2017 (English)In: SIGCOMM Posters and Demos '17 Proceedings of the SIGCOMM Posters and Demos, Association for Computing Machinery (ACM), 2017, p. 144-146Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined net- working (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment [8]. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment.o mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely Linux Integrity Measure- ment Architecture (IMA)1. This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2017. p. 144-146
Keywords [en]
SGX, security, VNF, NFV, SDN
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:ri:diva-32952DOI: 10.1145/3123878.3132016ISBN: 978-1-4503-5057-0 (print)OAI: oai:DiVA.org:ri-32952DiVA, id: diva2:1170174
Conference
SIGCOMM 2017, August 22-24, 2017, Los Angeles, California, USA
Available from: 2018-01-02 Created: 2018-01-02 Last updated: 2018-08-22Bibliographically approved

Open Access in DiVA

fulltext(367 kB)34 downloads
File information
File name FULLTEXT01.pdfFile size 367 kBChecksum SHA-512
f815c0f76ab6ccf2f9b04a4109b897202f5efcaa8b653b93f8df5fd28a978a9e8bbe043fbeedcd222d58fd030ae7655557742da7f8bdfe0d0c2893921fef83bf
Type fulltextMimetype application/pdf

Other links

Publisher's full texthttp://dl.acm.org/citation.cfm?id=3132016

Search in DiVA

By author/editor
Paladi, NicolaeKarlsson, Linus
By organisation
Security LabSICS
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 34 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 27 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf