Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska
{"title":"S-NFV: Securing NFV states by using SGX","authors":"Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska","doi":"10.1145/2876019.2876032","DOIUrl":null,"url":null,"abstract":"Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities many allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"108","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2876019.2876032","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 108
Abstract
Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities many allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.
NFV (Network Function Virtualization)应用是有状态的。例如,CDN (Content Distribution Network)缓存来自远程服务器的web内容,并将其提供给客户端。类似地,入侵检测系统(IDS)和入侵防御系统(IPS)同时具有单流和多流(共享)状态,以正确响应入侵。在当今的NFV基础设施中,许多安全漏洞允许攻击者窃取和操纵共享物理资源的NFV应用程序的内部状态。在本文中,我们提出了一种新的保护方案,S-NFV,它结合了英特尔软件保护扩展(英特尔SGX)来安全隔离NFV应用程序的状态。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
