Solid-flow: A flow rules security mechanism for SDN

Qasmaoui, Youssef; Haqiq, Abdelkrim

doi:10.1109/cloudtech.2017.8284734

Cited by 5 publications

(1 citation statement)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The SDN controllers represent the most delicate part of the SDN architecture as it consists of the brain of the network, making it vulnerable to all sort of attacks [6], [7]. Security issues may vary depending on the level of interest targeted by a malicious person; it goes from Denial of service to traffic redirection and flow rules modification [8]. The SDN controller software is run on vast untrusted platforms, including operating systems, hypervisors, firmware, and hardware.…”

Section: Introductionmentioning

confidence: 99%

Secure Software Defined Networks Controller Storage using Intel Software Guard Extensions

Qasmaoui¹,

Maleh²,

Haqiq³

2020

IJACSA

Self Cite

View full text Add to dashboard Cite

The SDN controller is the core of the softwaredefined network (SDN), which provides important network operations that needs to be protected from all type of threats. Many researches have been focusing on different layers of security regarding the SDN controller such as Anti-DDOS system or enforcement of TLS connection between the controller and the Open-vswitches. One of the major security threats targeting any program is the environment execution itself (e.g. Operating system and the hardware itself). Intel's Software Guard Extension (SGX) offers a sloid layer of security applied to applications by creating a Trusted execution environment. SDN controller relay on a storage module to keep sensitive data such as Flow Rules, users' credentials and configuration files. Protecting this side of the SDN controller is a must in term of security. To date, no work has been conducted considering SDN controller storage security using Intel SGX. This paper introduces an SGX enabled SDN controller. The new controller ensures the integrity and the confidentiality in a trusted execution environment by leveraging a recent hardware technology called intel SGX. This technology provides a trusted and secure enclave. Enclaves are sealed and unsealed by intel SGX attestation mechanisms to protect the executed code and data inside live memory and disk from being altered by any unauthorized access. High privileged codes such as the OS itself is kept from altering data inside enclaves. We implemented the Intel SGX using the Floodlight SDN controller running a real enabled Intel SGX hardware. Our evaluation shows that the SGX enabled SDN controller introduces a slightly observable performance overhead to the floodlight controller compared to advantages in term of security.

show abstract

Section: Introductionmentioning

confidence: 99%