Abstract
Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant's networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users' network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can't access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware. The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
