Abstract
While multi-tenant cloud computing provides great benefits in terms of resource sharing, it introduces a new security landscape and requires strong network isolation guarantees between the tenants. Such network isolation is typically implemented using network virtualization: Virtual switches residing in the virtualization layer enforce isolation, e.g., via tunnel protocols and per-tenant flow rules. The design of such switches is a very active topic: Since 2009 alone, at least 22 different designs have been introduced. Our systematic analysis of 22 virtual switches uncovers 4 security weaknesses: Colocation, single point of failure, privileged packet processing and manual packet parsing. An attacker can easily undermine network isolation by exploiting those weaknesses. Hence, we introduce 3 secure design principles to build a resilient virtual switch, thereby offering strong virtual network isolation.
| Originalsprog | Engelsk |
|---|---|
| Titel | SecSoN 2018 - Proceedings of the 2018 Workshop on Security in Softwarized Networks : Prospects and Challenges, Part of SIGCOMM 2018 |
| Antal sider | 7 |
| Forlag | Association for Computing Machinery |
| Publikationsdato | 7 aug. 2018 |
| Sider | 1-7 |
| ISBN (Elektronisk) | 9781450359122 |
| DOI | |
| Status | Udgivet - 7 aug. 2018 |
| Udgivet eksternt | Ja |
| Begivenhed | 1st Workshop on Security in Softwarized Networks: Prospects and Challenges, SecSoN 2018, held in conjunction with the ACM SIGCOMM 2018 - Budapest, Ungarn Varighed: 24 aug. 2018 → 24 aug. 2018 |
Konference
| Konference | 1st Workshop on Security in Softwarized Networks: Prospects and Challenges, SecSoN 2018, held in conjunction with the ACM SIGCOMM 2018 |
|---|---|
| Land/Område | Ungarn |
| By | Budapest |
| Periode | 24/08/2018 → 24/08/2018 |
| Sponsor | ACM SIGCOMM |