Universal Trusted Execution Environments for Securing SDN/NFV Operations

Abstract

With SDN/NFV, the telecom industry embraces operational flexibility and cost optimization, while facing new risks from off-premise cloud computing, known as introspection by malicious operators. Introspection is identified as a serious risk only by the IT industry in general when considering cloud operation. To mitigate it, processor vendors have invested over the last decade in designing Trusted Execution Environments (TEEs) plugged into their processor architectures. TEEs bring a quantum leap in hardware-level security, higher than any software-based security. They are all essentially aimed at protecting data and code when executed and processed in the cloud or in an untrusted environment. In this paper, we emphasize the blocking factors for the use of TEEs today: processor market fragmentation, major architectural and design deviations between TEEs from various CPU vendors and, finally, a relatively complex enablement of these TEE technologies for non-security experts. We describe a code interpretation solution to break those blocking factors by providing a universal abstraction layer for TEEs. The paper gives a conceptual blueprint of a solution that enables Intel's SGX and AMD's SEV, defined in this paper as the most contemplated candidates for SDN/NFV or 5G deployment. Our study presents the key challenges and advanced functionalities we view as essential for meeting key SDN/NFV requirements, which are deployability, software performance and easy setup. Innovative directions are given to deal efficiently with these upcoming requirements.

More about this title

Title: Universal Trusted Execution Environments for Securing SDN/NFV Operations
Published in: ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security
Issue: 44
Authors: Vincent Lefebvre, Gianni Santinelli, Prof. Dr. Tilo Müller, Johannes Götzfried
Pages: pp. 1-9
Publication date: 27.08.2018
Citation: Lefebvre, Vincent; Santinelli, Gianni; Müller, Tilo; Götzfried, Johannes (2018): Universal Trusted Execution Environments for Securing SDN/NFV Operations. ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security (44), pp. 1-9.