TEE-based Privacy-Preserve in Collaborative Traffic Policy Compilation for Programmable Devices

A. C. Risdianto, E. Chang
DOI: 10.1145/3445968.3452091 (https://doi.org/10.1145/3445968.3452091)
Published in: Proceedings of the 2021 ACM International Workshop on Software Defined Networks & Network Function Virtualization Security
Publication date: 2021-04-28
Citation count: 0

Abstract

Maintaining the integrity of network device policy across different organizations is very challenging, since the devices are shared for multiple traffic-forwarding purposes, including public Internet access. An organization's administrator can put an unnecessary (i.e., wrong) policy in place that may leak the private traffic between the organizations to a public network. This can be avoided by exchanging the network traffic policies between the organizations, but keeping the policies confidential among them (i.e., against an honest-but-curious adversary) is very challenging. Furthermore, there is also no guarantee that the policy is properly enforced on the network device. An administrator can intentionally install malicious policies that allow an attacker to enter the organization's network (i.e., a malicious adversary). This paper proposes a cross-organization network traffic policy compilation that preserves policy privacy and ensures its enforcement on the network devices. It utilizes a trusted execution environment (TEE) to compile the high-level traffic policies into low-level rules for the programmable network device. Then, the rules are easily pushed and optimized using a hardware programming abstraction.