Abstract

The SDN controller is the core of the software-defined network (SDN); it provides important network operations that need to be protected from all types of threats. Much research has focused on different layers of security around the SDN controller, such as anti-DDoS systems or enforcement of TLS connections between the controller and the Open vSwitches. One of the major security threats to any program is the execution environment itself (e.g. the operating system and the hardware). Intel's Software Guard Extensions (SGX) offers a solid layer of security for applications by creating a trusted execution environment. The SDN controller relies on a storage module to keep sensitive data such as flow rules, users' credentials and configuration files. Protecting this side of the SDN controller is a must in terms of security. To date, no work has been conducted on SDN controller storage security using Intel SGX. This paper introduces an SGX-enabled SDN controller. The new controller ensures integrity and confidentiality in a trusted execution environment by leveraging a recent hardware technology called Intel SGX. This technology provides a trusted and secure enclave. Enclaves are sealed and unsealed by Intel SGX attestation mechanisms to protect the executed code and data, in live memory and on disk, from being altered by any unauthorized access. Highly privileged code such as the OS itself is kept from altering data inside enclaves. We implemented the design with Intel SGX on the Floodlight SDN controller, running on real SGX-enabled Intel hardware. Our evaluation shows that the SGX-enabled SDN controller introduces a slightly observable performance overhead to the Floodlight controller, weighed against the advantages in terms of security.

Highlights

  • In recent years, the network research community has experienced a period of intense activity that has led to the emergence of different architectures or paradigms such as the software-defined network (SDN)

  • The section will include a background and related works, followed by the proposed model to secure SDN controller storage using Intel Software Guard Extensions (SGX); we then present the results of the implementation with discussion

  • In this paper we focused on Intel SGX technology to deploy our secure SDN controller

Summary

INTRODUCTION

The network research community has experienced a period of intense activity that has led to the emergence of different architectures or paradigms such as the SDN. The SDN controller software runs on vast untrusted platforms, including operating systems, hypervisors, firmware, and hardware. This large machine base is growing complex and difficult to verify. Hardware is commonly considered to be a stable base, since the cost and sophistication of hardware attacks are usually high. This has led industrial hardware companies to develop secure running environments for safety-critical applications that place little or no reliance on the operating system and hypervisor. The objective of this work is to propose a secure architecture by programming new modules and adding security functions at the control plane storage based on Intel SGX. The section will include a background and related works, followed by the proposed model to secure SDN controller storage using Intel SGX; we then present the results of the implementation with discussion.

BACKGROUND
RELATED WORKS
SDN Enabled SGX Architecture
Implementation Setup
Performance Analysis
SUMMARY OF THE CODE CHANGES
CONCLUSION
FUTURE WORKS