Archivio Istituzionale della RicercaSDN/NFV techniques are growing in popularity. They are powerful and flexible but less secure because they exploit specific software modules running at the nodes of a highly distributed infrastructure. Due to errors or attacks, the node can be easily compromised to alter its behaviour. In order to tackle this issue, we exploit remote attestation, a well-known technique to assess the software integrity of a node. Unfortunately, it only works well with physical platforms but not so well in virtualized environments. This paper presents our insights to adopt remote attestation in SDN/NFV environments. We show the possible approaches to attest the software integrity inside virtualised instances in practice and show their respective performance results and limitations. Further we present a SDN verifier to attest the OpenFlow rules loaded in the NFV nodes and the improvements to push the performance of remote attestation to its limit. In the end, we talk about the recent efforts in standardising remote attestation in NFV.
Trust in SDN/NFV environments / Lioy, Antonio; Su, Tao; Lopez, Diego R.; Pastor, Antonio; Shaw, Adrian L.; Attak, Hamza - In: Guide to Security in SDN and NFV - Challenges, Opportunities, and Applications / Ying Zhu S., Hill R.; Scott-Hayward S.; Jacquin L.. - STAMPA. - [s.l] : springer, 2017. - ISBN 978-3-319-64652-7. - pp. 103-124 [10.1007/978-3-319-64653-4_4]
Trust in SDN/NFV environments
LIOY, ANTONIO;SU, TAO;
2017
Abstract
SDN/NFV techniques are growing in popularity. They are powerful and flexible but less secure because they exploit specific software modules running at the nodes of a highly distributed infrastructure. Due to errors or attacks, the node can be easily compromised to alter its behaviour. In order to tackle this issue, we exploit remote attestation, a well-known technique to assess the software integrity of a node. Unfortunately, it only works well with physical platforms but not so well in virtualized environments. This paper presents our insights to adopt remote attestation in SDN/NFV environments. We show the possible approaches to attest the software integrity inside virtualised instances in practice and show their respective performance results and limitations. Further we present a SDN verifier to attest the OpenFlow rules loaded in the NFV nodes and the improvements to push the performance of remote attestation to its limit. In the end, we talk about the recent efforts in standardising remote attestation in NFV.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2665348
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo