Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Protecting OpenFlow using Intel SGX
New Jersey Institute of Technology, USA.
Lund University, SWE.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0003-4494-9851
2019 (English)In: IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2019 - Proceedings / [ed] Horner L.,Tutschku K.,Granelli F.,Sekiya Y.,Tacca M.,Bhamare D.,Parzyjegla H., Institute of Electrical and Electronics Engineers Inc. , 2019, article id 9039980Conference paper, Published paper (Refereed)
Abstract [en]

OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasized when collocated tenants compete for the limited entries available to install flow rules. OpenFlow flow tables are a security asset that requires confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable to prevent attackers from obtaining information about the installed flows or modifying flow tables. We adopt a novel approach to enabling OpenFlow flow table protection through decomposition. We identify core assets requiring security guarantees, isolate OpenFlow flow tables through decomposition and implement a prototype using Open vSwitch and Software Guard Extensions enclaves. An evaluation of the prototype on a distributed testbed both demonstrates that the approach is practical and indicates directions for further improvements. © 2019 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc. , 2019. article id 9039980
Keywords [en]
confidentiality, integrity, Software Defined Networks, Software Guard Extentions, Software defined networking, Software prototyping, Transfer functions, Commodity software, Core asset, Flow tables, Open vswitch, Protection mechanisms, Routing policies, Network function virtualization
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-19427DOI: 10.1109/NFV-SDN47374.2019.9039980ISI: 000685214600014Scopus ID: 2-s2.0-85082985337ISBN: 9781728145457 (print)OAI: oai:DiVA.org:bth-19427DiVA, id: diva2:1427993
Conference
2019 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2019; Dallas; United States; 12 November 2019 through 14 November 2019
Funder
Swedish Foundation for Strategic Research , RIT17-0035EU, Horizon 2020, 826093Available from: 2020-05-04 Created: 2020-05-04 Last updated: 2021-12-22Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Arlos, Patrik

Search in DiVA

By author/editor
Arlos, Patrik
By organisation
Department of Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 310 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf