Protecting OpenFlow Flow Tables with Intel SGX
RISE - Research Institutes of Sweden. Lund University. ORCID iD: 0000-0003-0132-857x
2019 (English). Conference paper, Oral presentation with published abstract (Other academic)
Abstract [en]

OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasized when collocated tenants compete for the limited entries available to install flow rules. From a security point of view, OpenFlow flow tables are a valuable asset that requires both confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable of preventing attackers from either obtaining information about the installed flows or modifying the contents of flow tables. In this work, we adopt a radical approach to enabling OpenFlow flow table protection through decomposition. Based on a careful analysis of the architecture and implementation of Open vSwitch, we identify core assets requiring security guarantees, design an approach to isolating OpenFlow flow tables, and implement a prototype using Open vSwitch and Software Guard Extensions enclaves.

Place, publisher, year, edition, pages
Beijing, 2019.
Keywords [en]
Software Guard Extensions, Open vSwitch, Security, OpenFlow
National Category
Computer Systems; Telecommunications
Identifiers
URN: urn:nbn:se:ri:diva-39319
DOI: 10.1145/3342280.3342339
OAI: oai:DiVA.org:ri-39319
DiVA, id: diva2:1334698
Conference
SIGCOMM Posters and Demos '19
Projects
ASCLEPIOS, COLA
Funder
EU, European Research Council, 826093
Available from: 2019-07-03 Created: 2019-07-03 Last updated: 2019-07-03 Bibliographically approved

Author/editor
Paladi, Nicolae