Ludovic Jacquin

Towards trusted software-defined networks using a hardware-based Integrity Measurement Architecture

The rise of software-defined networks in recent years has allowed unprecedented agility in network configuration and orchestration. As physical links and configurations become virtualised, this has created many opportunities for dynamic and transparent deployment of services. This however, opens up a potential attack surface for new forms of attack. Thus, with the combination of SDN elements abstracting their administration to network administrators and the growing attack surface in network element software, this creates the possibility for malicious routers which do not comply with the higher-level abstractions used by their respective controllers. This paper focuses on building an assurable SDN network using Trusted computing mechanisms to: (A) provide a strong hardware-based platform identity to check that network element software is healthy, and (B) increase assurance that traffic flows are being forwarded to their intended destinations by dynamically monitoring the low-level configurations used to route virtual LANs. The architecture as a whole provides a mechanism to check the network posture, bridging the gap between the areas of remote attestation and virtual networking.

The Trust Problem in Modern Network Infrastructures

SDN and NFV are modern techniques to implement networking infrastructures and can be used also to implement other advanced functionalities, such as the protection architecture designed by the SECURED project. This paper discusses a couple of techniques – trustworthy network infrastructure monitoring and remote attestation of virtual machines – useful towards a trusted and secure usage of SDN and NFV.

SHIELD: A novel NFV-based cybersecurity framework

SHIELD is an EU-funded project, targeting at the design and development of a novel cybersecurity framework, which offers security-as-a-Service in an evolved telco environment. The SHIELD framework leverages NFV (Network Functions Virtualization) and SDN (Software-Defined Networking) for virtualization and dynamic placement of virtualised security appliances in the network (virtual Network Security Functions - vNSFs), Big Data analytics for real-time incident detection and mitigation, as well as attestation techniques for securing both the infrastructure and the services. This papers discusses key use cases and requirements for the SHIELD framework and presents a high-level architectural approach.

SHIELD: Securing Against Intruders and Other Threats Through an NFV-Enabled Environment

Organisations are witnessing an unprecedented escalation of cyber-crime attacks and struggle to protect against them. Rethinking security is required to cope with numerous new challenges arising today: the sophistication of new attacks, the increasing weakness of traditional security controls, the explosion of data to be collected and analysed to detect threats and the ongoing transformation of IT – such as virtualisation and cloud computing.