Design and Implementation of Virtual Security Function Based on Multiple Enclaves

by Juan Wang 1,2,*, Yang Yu 1,2, Yi Li 1,2, Chengyang Fan 1,2 and Shirong Hao 1,2
1 School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
2 Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China
* Author to whom correspondence should be addressed.
Future Internet 2021, 13(1), 12
Received: 1 December 2020 / Revised: 29 December 2020 / Accepted: 2 January 2021 / Published: 6 January 2021
(This article belongs to the Special Issue Feature Papers for Future Internet—Internet of Things Section)
Network function virtualization (NFV) provides flexible and scalable network functions for emerging platforms such as cloud computing, edge computing, and IoT. However, because virtual network functions (VNFs) run in a shared, open environment without the protection of proprietary hardware, NFV faces additional security challenges, such as tampering with network policies and leakage of sensitive processing state. Intel® Software Guard Extensions (SGX) offers a promising way to build a secure and trusted VNF by isolating the VNF or its sensitive data in an enclave. However, placing multiple VNFs directly in a single enclave sacrifices the scalability advantage of NFV. This paper combines SGX and Click technology to design a virtual security function architecture based on multiple enclaves. In our design, the sensitive modules of a VNF are placed in different enclaves and communicate by local attestation. The system can freely combine these modules according to user requirements, increasing scalability while protecting the security of its running state. In addition, we design a new hot-swapping scheme that lets the system modify its configured functions dynamically at runtime, so that the original VNFs do not need to stop when their functions are modified. We implement an IDS (intrusion detection system) based on our architecture to verify the feasibility of the system and evaluate its performance. The results show that the overhead introduced by the system architecture is within an acceptable range.
Keywords: NFV; SGX; enclave; hot swapping; click
MDPI and ACS Style

Wang, J.; Yu, Y.; Li, Y.; Fan, C.; Hao, S. Design and Implementation of Virtual Security Function Based on Multiple Enclaves. Future Internet 2021, 13, 12.

AMA Style

Wang J, Yu Y, Li Y, Fan C, Hao S. Design and Implementation of Virtual Security Function Based on Multiple Enclaves. Future Internet. 2021; 13(1):12.

Chicago/Turabian Style

Wang, Juan; Yu, Yang; Li, Yi; Fan, Chengyang; Hao, Shirong. 2021. "Design and Implementation of Virtual Security Function Based on Multiple Enclaves" Future Internet 13, no. 1: 12.
