dc.contributor.author | Marku, Enio | |
dc.contributor.author | Biczok, Gergely | |
dc.contributor.author | Boyd, Colin Alexander | |
dc.date.accessioned | 2022-04-05T08:20:49Z | |
dc.date.available | 2022-04-05T08:20:49Z | |
dc.date.created | 2022-01-19T20:21:56Z | |
dc.date.issued | 2021 | |
dc.identifier.isbn | 978-1-6654-0522-5 | |
dc.identifier.uri | https://hdl.handle.net/11250/2989816 | |
dc.description.abstract | A recent trend is to outsource virtual network functions (VNFs) to a third-party service provider, such as a public cloud. Since the cloud is usually not trusted, redirecting enterprise traffic to such an entity introduces security concerns. In addition to protecting enterprise traffic, it is also desirable to protect VNF code, policies and states. Existing outsourcing solutions fall short in either supporting stateful VNFs, catering for all security requirements, or providing adequate performance. In this paper we present SafeLib, a trusted hardware based outsourcing solution built on Intel SGX. SafeLib provides i) support for stateful VNFs, ii) support for illegal SGX instructions by integrating Graphene-SGX, iii) protection of both packet headers and payload for enterprise user traffic, VNF policies and VNF code, and iv) integration of libVNF for streamlined VNF development. Our performance evaluation shows that SafeLib scales properly for multiple cores, and introduces a reasonable performance overhead. We also outline plans to further improve SafeLib to satisfy even more stringent functional, security and performance requirements. | en_US |
dc.language.iso | eng | en_US |
dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | en_US |
dc.relation.ispartof | 7th IEEE International Conference on Network Softwarization, NetSoft 2021 | |
dc.title | SafeLib: a practical library for outsourcing stateful network functions securely | en_US |
dc.type | Chapter | en_US |
dc.description.version | acceptedVersion | en_US |
dc.rights.holder | © IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en_US |
dc.source.pagenumber | 244-252 | en_US |
dc.identifier.doi | 10.1109/NetSoft51509.2021.9492579 | |
dc.identifier.cristin | 1985417 | |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
cristin.qualitycode | 1 | |