Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges: Latest Papers

Offloading Security Services to the Cloud Infrastructure
P. Chaignon, Diane Adjavon, Kahina Lazri, J. François, O. Festor
DOI: https://doi.org/10.1145/3229616.3229624
Published: 2018-08-07
Abstract: Cloud applications rely on a diverse set of security services from application-layer rate-limiting to TCP SYN cookies and application firewalls. Some of these services are implemented at the infrastructure layer, on the host or in the NIC, to filter attacks closer to their source and free CPU cycles for the tenants' applications. Most security services, however, remain difficult to implement at the infrastructure layer because they are closely tied to the applications they protect. In this paper, we propose to allow tenants to offload small filtering programs to the infrastructure. We design a mechanism to ensure fairness in resource consumption among tenants and show that, by carefully probing specific points of the infrastructure, all resource consumption can be accounted for. We prototype our solution over the new high-performance datapath of Linux. Our preliminary experiments show that an offload to the host's CPU can bring a 4-6x performance improvement. In addition, fairness among tenants introduces an overhead of only 14% in the worst case and approximately 3% for realistic applications.
Citations: 5
Virtual Network Isolation: Are We There Yet?
K. Thimmaraju, G. Rétvári, S. Schmid
DOI: https://doi.org/10.1145/3229616.3229618
Published: 2018-08-07
Abstract: While multi-tenant cloud computing provides great benefits in terms of resource sharing, it introduces a new security landscape and requires strong network isolation guarantees between the tenants. Such network isolation is typically implemented using network virtualization: Virtual switches residing in the virtualization layer enforce isolation, e.g., via tunnel protocols and per-tenant flow rules. The design of such switches is a very active topic: Since 2009 alone, at least 22 different designs have been introduced. Our systematic analysis of 22 virtual switches uncovers 4 security weaknesses: Co-location, single point of failure, privileged packet processing and manual packet parsing. An attacker can easily undermine network isolation by exploiting those weaknesses. Hence, we introduce 3 secure design principles to build a resilient virtual switch, thereby offering strong virtual network isolation.
Citations: 4
Trust Modelling in 5G mobile networks
M. Surridge, Gianluca Correndo, K. Meacham, J. Papay, S. Phillips, Stefanie Wiegand, T. Wilkinson
DOI: https://doi.org/10.1145/3229616.3229621
Published: 2018-08-07
Abstract: 5G technologies will change the business landscape for mobile network operation. The use of virtualization through SDN, NFV and Cloud computing offer significant savings of CAPEX and OPEX, but they also allow new stakeholders to rent infrastructure capacity and operate mobile networks, including specialized networks supporting so-called vertical applications serving specific business sectors. In the resulting diverse stakeholder communities, the old trust assumptions between network operators will no longer apply. There is a pressing need for a far broader understanding of trust in such networks if they are to operate safely and securely for the engaged stakeholder communities. This paper describes the work carried out in the 5G-ENSURE project to address this need.
Citations: 11
High-coverage testing of softwarized networks
S. Prabhu, G. Chaudhry, Brighten Godfrey, M. Caesar
DOI: https://doi.org/10.1145/3229616.3229617
Published: 2018-08-07
Abstract: Network operators face a challenge of ensuring correctness as networks grow more complex, in terms of scale and increasingly in terms of diversity of software components. Network-wide verification approaches can spot errors, but assume a simplified abstraction of the functionality of individual network devices, which may deviate from the real implementation. In this paper, we propose a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks. Our design is effectively a hybrid, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device. We show that this approach can detect correctness issues that would be missed both by existing verification and testing approaches, and a prototype implementation suggests the technique can scale to larger networks with reasonable performance.
Citations: 2
Practical Authentication and Access Control for Software-Defined Networking over Optical Networks
J. Cho, T. Szyrkowiec
DOI: https://doi.org/10.1145/3229616.3229619
Published: 2018-08-07
Abstract: A framework of Software-Defined Networking (SDN) provides a centralized and integrated method to manage and control modern optical networks. Unfortunately, the centralized and programmable structure of SDN introduces several new security threats, which may allow an adversary to take over the entire operation of the network. In this paper, we investigate the potential security threats of SDN over optical networks and propose a mutual authentication and a fine-grained access control mechanism, which are essential to avoid an unauthorized access to the network. The proposed schemes are based only on cryptographic hash functions and do not require an installation of the complicated cryptographic library such as SSL. Unlike conventional authentication and access control schemes, the proposed schemes are flexible, compact and, in addition, are resistant to quantum computer attacks, which may become critical in the near future.
Citations: 3
Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges
DOI: https://doi.org/10.1145/3229616
Published: 2018-08-07
Citations: 1
Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations
Christian Röpke, Thorsten Holz
DOI: https://doi.org/10.1145/3229616.3229620
Published: 2018-08-07
Abstract: In Software-Defined Networks (SDN), so called SDN controllers are responsible for managing the network devices building such a network. Once such a core component of the network has been infected with malicious software (e.g., by a malicious SDN application), an attacker typically has a strong interest in remaining undetected while compromising other devices in the network. Thus, hiding a malicious network state and corresponding network manipulations are important objectives for an adversary. To achieve this, rootkit techniques can be applied in order to manipulate the SDN controller's view of a network. As a consequence, monitoring capabilities of SDN controllers as well as SDN applications with a security focus can be fooled by hiding adverse network manipulations. To tackle this problem, we propose a novel approach capable of detecting and preventing hidden network manipulations before they can attack a network. In particular, our method is able to drop adverse network manipulations before they are applied on a network. We achieve this by comparing the actual network state, which includes both malicious and benign configurations, with the network state which is provided by a potentially compromised SDN controller. In case of an attack, the result of this comparison reveals network manipulations which are adversely removed from an SDN controller's view of a network. To demonstrate the capabilities of this approach, we implement a prototype and evaluate effectiveness as well as efficiency. The evaluation results indicate scalability and high performance of our system, while being able to protect major SDN controller platforms.
Citations: 7
AEGIS
Heedo Kang, Seungwon Shin, V. Yegneswaran, Shalini Ghosh, Phillip A. Porras
DOI: https://doi.org/10.1145/3229616.3229623
Published: 2018-08-07
Abstract: An important consideration in Software-defined Networks (SDNs), is that one SDN application, through a bug or API misuse, can break an entire SDN. While previous works have tried to mitigate such concerns by implementing access control mechanisms (permission models) for an SDN controller, they commonly require serious manual efforts in creating a permission model. Moreover, they do not support flexible permission models, and they are often tightly coupled with a specific SDN controller. To address such limitations, we introduce an automated permission generation and verification system called AEGIS. A distinguishing aspect of AEGIS is that it automatically generates flexible permission models and yet is completely separated from an SDN controller implementation. To demonstrate the feasibility of our approach, we implement a prototype, evaluate its completeness and soundness, and examine its usability in the context of popular SDN controllers.
Citations: 8
HEX Switch: Hardware-assisted security extensions of OpenFlow
Taejune Park, Zhaoyan Xu, Seungwon Shin
DOI: https://doi.org/10.1145/3229616.3229622
Published: 2018-08-07
Abstract: Software-defined networking (SDN) and Network Function Virtualization (NFV) have inspired security researchers to devise new security applications for these new network technology. However, since SDN and NFV are basically faithful to operating a network, they only focus on providing features related to network control. Therefore, it is challenging to implement complex security functions such as packet payload inspection. Several studies have addressed this challenge through an SDN data plane extension, but there were problems with performance and control interfaces. In this paper, we introduce a new data plane architecture, HEX which leverages existing data plane architectures for SDN to enable network security applications in an SDN environment efficiently and effectively. HEX provides security services as a set of OpenFlow actions ensuring high performance and a function of handling multiple SDN actions with a simple control command. We implemented a DoS detector and Deep Packet Inspection (DPI) as the prototype features of HEX using the NetFPGA-1G-CML, and our evaluation results demonstrate that HEX can provide security services as a line-rate performance.
Citations: 5