Publication | Closed Access
S-NFV
97
Citations
6
References
2016
Year
Unknown Venue
EngineeringInformation SecuritySoftware Defined SecuritySoftware AnalysisHardware SecuritySecure ComputingIntrusion Detection SystemVirtualization SecurityOperating System SecurityComputer EngineeringComputer ScienceNetwork Function VirtualizationData SecurityCryptographySoftware SecurityProgram AnalysisCloud ComputingSecurityContent Distribution NetworkSystem Software
Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities many allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.
| Year | Citations | |
|---|---|---|
Page 1
Page 1