NICR Feb 14, 2017

TruSDN: Bootstrapping Trust in Cloud Network Infrastructure

arXiv:1702.04143v1, 20 citations
Originality: Incremental advance
AI Analysis

This paper addresses security risks in cloud network infrastructure for SDN deployments; it represents an incremental improvement with specific defenses.

The authors tackled the security vulnerabilities in Software-Defined Networking (SDN) infrastructure by developing TruSDN, a framework that uses Intel SGX to securely deploy components and protect communications, resulting in minor performance overhead.

Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX), allowing to securely deploy SDN components and protect communication between network endpoints. We introduce ephemeral flow-specific pre-shared keys and propose a novel defense against cuckoo attacks on SGX enclaves. TruSDN is secure under a powerful adversary model, with a minor performance overhead.
