Challenges towards protecting VNF with SGX

Juan Wang; Chengyang Fan; Shirong Hao; Jie Wang; Yi Li; Lin Han; Zhi Hong; Hongxin Hu

doi:10.1145/3180465.3180476

Challenges towards protecting VNF with SGX

Juan Wang
, Chengyang Fan
, Shirong Hao
, Jie Wang
, Yi Li
, Lin Han
, Zhi Hong
, Hongxin Hu

Department of Computer Science and Engineering

Wuhan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

16 Scopus citations

Abstract

Network Function Virtualization (NFV) is an emerging technology to implement network functions in software, which reduces equipment costs (CAPEX) and operational cost (OPEX) through decoupling network functions from network dedicated devices and deploying them on high-volume standard servers and running as virtual instances. However, due to running in a shared and open environment and lacking the protection of proprietary hardware, virtual network functions (VNFs) face more security threats than traditional network functions. Hence, it is crucial to build a trusted execution environment to protect VNFs. In this paper, we first analyze the challenges for VNF security protection. We then propose a lightweight and trusted execution environment for securing VNFs based on SGX and Click. To demonstrate the feasibility of our approach, we implement a DDoS defense function on top of our environment and conduct paramilitary evaluations. Our evaluation results show that our system only introduces manageable performance overhead for protecting VNFs.

Original language	English
Title of host publication	SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018
Publisher	Association for Computing Machinery, Inc
Pages	39-42
Number of pages	4
ISBN (Electronic)	9781450356350
DOIs	https://doi.org/10.1145/3180465.3180476
State	Published - Mar 14 2018
Event	2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018 - Tempe, United States Duration: Mar 21 2018 → …

Publication series

Name	SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018
Volume	2018-January

Conference

Conference	2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018
Country/Territory	United States
City	Tempe
Period	03/21/18 → …

Keywords

Click
Intel SGX
NFV
Trust
VNF

Access to Document

10.1145/3180465.3180476

Cite this

Wang, J., Fan, C., Hao, S., Wang, J., Li, Y., Han, L., Hong, Z., & Hu, H. (2018). Challenges towards protecting VNF with SGX. In SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018 (pp. 39-42). (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018; Vol. 2018-January). Association for Computing Machinery, Inc. https://doi.org/10.1145/3180465.3180476

Wang, Juan ; Fan, Chengyang ; Hao, Shirong et al. / Challenges towards protecting VNF with SGX. SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc, 2018. pp. 39-42 (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018).

@inproceedings{9f69a34ea8eb4bf984fff974fbe6365a,

title = "Challenges towards protecting VNF with SGX",

abstract = "Network Function Virtualization (NFV) is an emerging technology to implement network functions in software, which reduces equipment costs (CAPEX) and operational cost (OPEX) through decoupling network functions from network dedicated devices and deploying them on high-volume standard servers and running as virtual instances. However, due to running in a shared and open environment and lacking the protection of proprietary hardware, virtual network functions (VNFs) face more security threats than traditional network functions. Hence, it is crucial to build a trusted execution environment to protect VNFs. In this paper, we first analyze the challenges for VNF security protection. We then propose a lightweight and trusted execution environment for securing VNFs based on SGX and Click. To demonstrate the feasibility of our approach, we implement a DDoS defense function on top of our environment and conduct paramilitary evaluations. Our evaluation results show that our system only introduces manageable performance overhead for protecting VNFs.",

keywords = "Click, Intel SGX, NFV, Trust, VNF",

author = "Juan Wang and Chengyang Fan and Shirong Hao and Jie Wang and Yi Li and Lin Han and Zhi Hong and Hongxin Hu",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery.; 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018 ; Conference date: 21-03-2018",

year = "2018",

month = mar,

day = "14",

doi = "10.1145/3180465.3180476",

language = "English",

series = "SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018",

publisher = "Association for Computing Machinery, Inc",

pages = "39--42",

booktitle = "SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018",

}

Wang, J, Fan, C, Hao, S, Wang, J, Li, Y, Han, L, Hong, Z & Hu, H 2018, Challenges towards protecting VNF with SGX. in SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018, vol. 2018-January, Association for Computing Machinery, Inc, pp. 39-42, 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018, Tempe, United States, 03/21/18. https://doi.org/10.1145/3180465.3180476

Challenges towards protecting VNF with SGX. / Wang, Juan; Fan, Chengyang; Hao, Shirong et al.
SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc, 2018. p. 39-42 (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Challenges towards protecting VNF with SGX

AU - Wang, Juan

AU - Fan, Chengyang

AU - Hao, Shirong

AU - Wang, Jie

AU - Li, Yi

AU - Han, Lin

AU - Hong, Zhi

AU - Hu, Hongxin

PY - 2018/3/14

Y1 - 2018/3/14

N2 - Network Function Virtualization (NFV) is an emerging technology to implement network functions in software, which reduces equipment costs (CAPEX) and operational cost (OPEX) through decoupling network functions from network dedicated devices and deploying them on high-volume standard servers and running as virtual instances. However, due to running in a shared and open environment and lacking the protection of proprietary hardware, virtual network functions (VNFs) face more security threats than traditional network functions. Hence, it is crucial to build a trusted execution environment to protect VNFs. In this paper, we first analyze the challenges for VNF security protection. We then propose a lightweight and trusted execution environment for securing VNFs based on SGX and Click. To demonstrate the feasibility of our approach, we implement a DDoS defense function on top of our environment and conduct paramilitary evaluations. Our evaluation results show that our system only introduces manageable performance overhead for protecting VNFs.

AB - Network Function Virtualization (NFV) is an emerging technology to implement network functions in software, which reduces equipment costs (CAPEX) and operational cost (OPEX) through decoupling network functions from network dedicated devices and deploying them on high-volume standard servers and running as virtual instances. However, due to running in a shared and open environment and lacking the protection of proprietary hardware, virtual network functions (VNFs) face more security threats than traditional network functions. Hence, it is crucial to build a trusted execution environment to protect VNFs. In this paper, we first analyze the challenges for VNF security protection. We then propose a lightweight and trusted execution environment for securing VNFs based on SGX and Click. To demonstrate the feasibility of our approach, we implement a DDoS defense function on top of our environment and conduct paramilitary evaluations. Our evaluation results show that our system only introduces manageable performance overhead for protecting VNFs.

KW - Click

KW - Intel SGX

KW - NFV

KW - Trust

KW - VNF

UR - https://www.scopus.com/pages/publications/85052025427

U2 - 10.1145/3180465.3180476

DO - 10.1145/3180465.3180476

M3 - Conference contribution

AN - SCOPUS:85052025427

T3 - SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018

SP - 39

EP - 42

BT - SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018

PB - Association for Computing Machinery, Inc

T2 - 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018

Y2 - 21 March 2018

ER -

Wang J, Fan C, Hao S, Wang J, Li Y, Han L et al. Challenges towards protecting VNF with SGX. In SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018. Association for Computing Machinery, Inc. 2018. p. 39-42. (SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018). doi: 10.1145/3180465.3180476

Challenges towards protecting VNF with SGX

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this