Publication


Featured research published by Adrian Shaw.


IEEE Communications Magazine | 2015

Virtualized security at the network edge: a user-centric approach

Diego Montero; Marcelo Yannuzzi; Adrian Shaw; Ludovic Jacquin; Antonio Pastor; René Serral-Gracià; Antonio Lioy; Fulvio Giovanni Ottavio Risso; Cataldo Basile; Roberto Sassu; Mario Nemirovsky; Francesco Ciaccia; Michael Georgiades; Savvas Charalambides; Jarkko Kuusijärvi; Francesca Bosco

The current device-centric protection model against security threats has serious limitations. On one hand, the proliferation of user terminals such as smartphones, tablets, notebooks, smart TVs, game consoles, and desktop computers makes it extremely difficult to achieve the same level of protection regardless of the device used. On the other hand, when various users share devices (e.g., parents and kids using the same devices at home), the setup of distinct security profiles, policies, and protection rules for the different users of a terminal is far from trivial. In light of this, this article advocates for a paradigm shift in user protection. In our model, protection is decoupled from users' terminals, and it is provided by the access network through a trusted virtual domain. Each trusted virtual domain provides unified and homogeneous security for a single user irrespective of the terminal employed. We describe a user-centric model where nontechnically savvy users can define their own profiles and protection rules in an intuitive way. We show that our model can harness the virtualization power offered by next-generation access networks, especially from network functions virtualization in the points of presence at the edge of telecom operators. We also analyze the distinctive features of our model, and the challenges faced based on the experience gained in the development of a proof of concept.


IEEE Conference on Network Softwarization | 2015

Towards trusted software-defined networks using a hardware-based Integrity Measurement Architecture

Ludovic Jacquin; Adrian Shaw; Chris I. Dalton

The rise of software-defined networks in recent years has allowed unprecedented agility in network configuration and orchestration. As physical links and configurations become virtualised, this has created many opportunities for dynamic and transparent deployment of services. This, however, opens up a potential attack surface for new forms of attack. Thus, with the combination of SDN elements abstracting their administration to network administrators and the growing attack surface in network element software, this creates the possibility for malicious routers which do not comply with the higher-level abstractions used by their respective controllers. This paper focuses on building an assurable SDN network using Trusted computing mechanisms to: (A) provide a strong hardware-based platform identity to check that network element software is healthy, and (B) increase assurance that traffic flows are being forwarded to their intended destinations by dynamically monitoring the low-level configurations used to route virtual LANs. The architecture as a whole provides a mechanism to check the network posture, bridging the gap between the areas of remote attestation and virtual networking.


Privacy Forum | 2015

The Trust Problem in Modern Network Infrastructures

Ludovic Jacquin; Antonio Lioy; Diego R. Lopez; Adrian Shaw; Tao Su

SDN and NFV are modern techniques to implement networking infrastructures and can be used also to implement other advanced functionalities, such as the protection architecture designed by the SECURED project. This paper discusses a couple of techniques – trustworthy network infrastructure monitoring and remote attestation of virtual machines – useful towards a trusted and secure usage of SDN and NFV.


Trust, Security and Privacy in Computing and Communications | 2017

Exploring Granular flow Integrity for Interconnected Trusted Platforms

Adrian Shaw; Hamza Attak

Existing attestation solutions based on Linux Integrity Measurement Architecture treat the network as an untrusted input. Thus, they often employ strict access control mechanisms with tunneling policies to prevent network flows from tainting the system. However, these different access control policies are challenging for administrators to model and verify for different Linux deployments, making them difficult to deploy in practice. This paper discusses a novel method to bridge the gap between disparate information flow graphs and proposes a prototype of a new kernel-based network flow logger and attestation hooks. Results obtained show that the system impact is minimal in terms of system resources and is more flexible to deploy.


Proceedings of the 16th Workshop on Hot Topics in Operating Systems | 2017

Separating Translation from Protection in Address Spaces with Dynamic Remapping

Reto Achermann; Chris I. Dalton; Paolo Faraboschi; Moritz Hoffmann; Dejan S. Milojicic; Geoffrey Ndu; Alexander Richardson; Timothy Roscoe; Adrian Shaw; Robert N. M. Watson

It is time to reconsider memory protection. The emergence of large non-volatile main memories, scalable interconnects, and rack-scale computers running large numbers of small micro services creates significant challenges for memory protection based solely on MMU mechanisms. Central to this is a tension between protection and translation: optimizing for translation performance often comes with a cost in protection flexibility. We argue that a key-based memory protection scheme, complementary to but separate from regular page-level translation, is a better match for this new world. We present MaKC, a new architecture which combines two levels of capability-based protection to scale fine-grained memory protection at both user and kernel level to large numbers of protection domains without compromising efficiency at scale or ease of revocation.


Archive | 2017

Trust in SDN/NFV environments

Antonio Lioy; Tao Su; Diego R. Lopez; Antonio Pastor; Adrian Shaw; Hamza Attak

The SDN and NFV architectures heavily rely on specific software modules executed at distributed nodes. These modules may act differently from their expected behaviour due to errors or attacks. Remote attestation is a procedure able to reliably report the software state of a node to a third party. It can be used to evaluate the software integrity of a SDN/NFV node and hence its trustworthiness to execute the desired applications. The use of remote attestation in network environments is quite new, and it is raising interest not only in the research community but also in the industry, as demonstrated by its consideration in the ETSI NFV standardisation effort. In this chapter, we present a solution to evaluate trust in SDN/NFV environments by exploiting remote attestation and propose some enhancements with respect to the basic architecture. From the implementation point of view, two approaches are compared for attestation of virtualised instances, and their respective performance is evaluated. Additionally, we discuss how the remote attestation architecture fits in the management and orchestration of SDN/NFV environments.


Archive | 2015

HARDWARE-PROTECTIVE DATA PROCESSING SYSTEMS AND METHODS USING AN APPLICATION EXECUTING IN A SECURE DOMAIN

Maugan Villatel; Boris Balacheff; Chris I. Dalton; David Plaquin; Adrian Shaw; Simon Shiu


Archive | 2017

VERIFYING A NETWORK CONFIGURATION

Ludovic Jacquin; Adrian Shaw; Chris I. Dalton


Archive | 2000

Remote Attestation Procedures for Network Security Functions (NSFs) through the I2NSF Security Controller

Diego R. Lopez; Adrian Shaw; Antonio Pastor


Archive | 2018

INTEGRITY VALUES FOR BEGINNING BOOTING INSTRUCTIONS

Ludovic Jacquin; Thomas M. Laffey; Adrian Shaw
