摘要:Network functions such as intrusion detection systems (IDS) have been increasingly deployed as virtual network functions or outsourced to cloud service providers so as to achieve the scalability and agility, and reducing equipment costs and operational cost. However, virtual intrusion detection systems (VIDS) face more serious security threats due to running in a shared and virtualized environment instead of proprietary devices. Cloud service providers or malicious tenants may illegally access and tamper with the policies, packet information, and internal processing states of intrusion detection systems, thereby violating the privacy and security of tenant’s networks. To address these challenges, we use Intel Software Guard Extensions (SGX) to build a Trusted Virtual Intrusion Detection System (TVIDS). For TVIDS, to prevent cloud service providers from accessing sensitive information about the users’ network, we build a trusted execution environment for security policy, packets processing, and internal state so that cloud service providers and other malicious tenants can’t access the protected code, policy, processing states, and packets information of the intrusion detection system. We implemented TVIDS on the basis of the Snort which is a famous open-source IDS and evaluated its results on real SGX hardware.The results show that our method can protect the security of the virtual IDS and brings acceptable performance overhead.
注:因版权方要求,不能公开全文,如需全文,请咨询杂志社
热门期刊
Journal of Central South University The Journal of China Universities of Posts and Telecommunications Journal of Ocean University of China Journal of Integrative Plant Biology Journal of Zhejiang University Science A Earthquake Engineering and Engineering Vibration Journal of Wuhan University of Technology Journal of Zhejiang University Science B Journal of Huazhong University of Science and Technology 福建水力发电 中国三峡建设 水科学与工程技术