SDN/NFV techniques are growing in popularity. They are powerful and flexible but less secure because they exploit specific software modules running at the nodes of a highly distributed infrastructure. Due to errors or attacks, the node can be easily compromised to alter its behaviour. In order to tackle this issue, we exploit remote attestation, a well-known technique to assess the software integrity of a node. Unfortunately, it only works well with physical platforms but not so well in virtualized environments. This paper presents our insights to adopt remote attestation in SDN/NFV environments. We show the possible approaches to attest the software integrity inside virtualised instances in practice and show their respective performance results and limitations. Further we present a SDN verifier to attest the OpenFlow rules loaded in the NFV nodes and the improvements to push the performance of remote attestation to its limit. In the end, we talk about the recent efforts in standardising remote attestation in NFV.

Trust in SDN/NFV environments / Lioy, Antonio; Su, Tao; Lopez, Diego R.; Pastor, Antonio; Shaw, Adrian L.; Attak, Hamza - In: Guide to Security in SDN and NFV - Challenges, Opportunities, and Applications / Ying Zhu S., Hill R.; Scott-Hayward S.; Jacquin L.. - STAMPA. - [s.l] : springer, 2017. - ISBN 978-3-319-64652-7. - pp. 103-124 [10.1007/978-3-319-64653-4_4]

Trust in SDN/NFV environments

LIOY, ANTONIO;SU, TAO;
2017

Abstract

SDN/NFV techniques are growing in popularity. They are powerful and flexible but less secure because they exploit specific software modules running at the nodes of a highly distributed infrastructure. Due to errors or attacks, the node can be easily compromised to alter its behaviour. In order to tackle this issue, we exploit remote attestation, a well-known technique to assess the software integrity of a node. Unfortunately, it only works well with physical platforms but not so well in virtualized environments. This paper presents our insights to adopt remote attestation in SDN/NFV environments. We show the possible approaches to attest the software integrity inside virtualised instances in practice and show their respective performance results and limitations. Further we present a SDN verifier to attest the OpenFlow rules loaded in the NFV nodes and the improvements to push the performance of remote attestation to its limit. In the end, we talk about the recent efforts in standardising remote attestation in NFV.
2017
978-3-319-64652-7
Guide to Security in SDN and NFV - Challenges, Opportunities, and Applications
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2665348
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo