Abstract
While multi-tenant cloud computing provides great benefits in terms of resource sharing, it introduces a new security landscape and requires strong network isolation guarantees between the tenants. Such network isolation is typically implemented using network virtualization: Virtual switches residing in the virtualization layer enforce isolation, e.g., via tunnel protocols and per-tenant flow rules. The design of such switches is a very active topic: Since 2009 alone, at least 22 different designs have been introduced. Our systematic analysis of 22 virtual switches uncovers 4 security weaknesses: Colocation, single point of failure, privileged packet processing and manual packet parsing. An attacker can easily undermine network isolation by exploiting those weaknesses. Hence, we introduce 3 secure design principles to build a resilient virtual switch, thereby offering strong virtual network isolation.
Originalsprog | Engelsk |
---|---|
Titel | SecSoN 2018 - Proceedings of the 2018 Workshop on Security in Softwarized Networks : Prospects and Challenges, Part of SIGCOMM 2018 |
Antal sider | 7 |
Forlag | Association for Computing Machinery |
Publikationsdato | 7 aug. 2018 |
Sider | 1-7 |
ISBN (Elektronisk) | 9781450359122 |
DOI | |
Status | Udgivet - 7 aug. 2018 |
Udgivet eksternt | Ja |
Begivenhed | 1st Workshop on Security in Softwarized Networks: Prospects and Challenges, SecSoN 2018, held in conjunction with the ACM SIGCOMM 2018 - Budapest, Ungarn Varighed: 24 aug. 2018 → 24 aug. 2018 |
Konference
Konference | 1st Workshop on Security in Softwarized Networks: Prospects and Challenges, SecSoN 2018, held in conjunction with the ACM SIGCOMM 2018 |
---|---|
Land/Område | Ungarn |
By | Budapest |
Periode | 24/08/2018 → 24/08/2018 |
Sponsor | ACM SIGCOMM |