4 research outputs found
Prelude: Ensuring Inter-Domain Loop-Freedom in~SDN-Enabled Networks
Software-Defined-eXchanges (SDXes) promise to tackle the timely quest of
bringing improving the inter-domain routing ecosystem through SDN deployment.
Yet, the naive deployment of SDN on the Internet raises concerns about the
correctness of the inter-domain data-plane. By allowing operators to deflect
traffic from the default BGP route, SDN policies are susceptible of creating
permanent forwarding loops invisible to the control-plane.
In this paper, we propose a system, called Prelude, for detecting SDN-induced
forwarding loops between SDXes with high accuracy without leaking the private
routing information of network operators. To achieve this, we leverage Secure
Multi-Party Computation (SMPC) techniques to build a novel and general
privacy-preserving primitive that detects whether any subset of SDN rules might
affect the same portion of traffic without learning anything about those rules.
We then leverage that primitive as the main building block of a distributed
system tailored to detect forwarding loops among any set of SDXes. We leverage
the particular nature of SDXes to further improve the efficiency of our SMPC
solution.
The number of valid SDN rules, i.e., not creating loops, rejected by our
solution is 100x lower than previous privacy-preserving solutions, and also
provides better privacy guarantees. Furthermore, our solution naturally
provides network operators with some hindsight on the cost of the deflected
paths
SAGE: Software-based Attestation for GPU Execution
With the application of machine learning to security-critical and sensitive
domains, there is a growing need for integrity and privacy in computation using
accelerators, such as GPUs. Unfortunately, the support for trusted execution on
GPUs is currently very limited - trusted execution on accelerators is
particularly challenging since the attestation mechanism should not reduce
performance. Although hardware support for trusted execution on GPUs is
emerging, we study purely software-based approaches for trusted GPU execution.
A software-only approach offers distinct advantages: (1) complement
hardware-based approaches, enhancing security especially when vulnerabilities
in the hardware implementation degrade security, (2) operate on GPUs without
hardware support for trusted execution, and (3) achieve security without
reliance on secrets embedded in the hardware, which can be extracted as history
has shown. In this work, we present SAGE, a software-based attestation
mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs
of the Ampere architecture (A100), providing properties of code integrity and
secrecy, computation integrity, as well as data integrity and secrecy - all in
the presence of malicious code running on the GPU and CPU. Our evaluation
demonstrates that SAGE is already practical today for executing code in a
trustworthy way on GPUs without specific hardware support.Comment: 14 pages, 2 reference pages, 6 figure
Towards privacy-preserving network verification of inter-domain Software-Defined Networking
SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naiÌve deployment of SDN on the Internet is dangerous as the control plane expressiveness of BGP is significantly more limited than the data plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGPâs default routes. Most notably, this mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e. the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.Master [120] : ingĂ©nieur civil en informatique, UniversitĂ© catholique de Louvain, 201
SAGE: Software-based Attestation for GPU Execution
With the application of machine learning to security-critical and sensitive domains, there is a growing need for integrity and privacy in computation using accelerators, such as GPUs. Unfortunately, the support for trusted execution on GPUs is currently very limited - trusted execution on accelerators is particularly challenging since the attestation mechanism should not reduce performance. Although hardware support for trusted execution on GPUs is emerging, we study purely software-based approaches for trusted GPU execution. A software-only approach offers distinct advantages: (1) complement hardware-based approaches, enhancing security especially when vulnerabilities in the hardware implementation degrade security, (2) operate on GPUs without hardware support for trusted execution, and (3) achieve security without reliance on secrets embedded in the hardware, which can be extracted as history has shown. In this work, we present SAGE, a software-based attestation mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs of the Ampere architecture (A100), providing properties of code integrity and secrecy, computation integrity, as well as data integrity and secrecy - all in the presence of malicious code running on the GPU and CPU. Our evaluation demonstrates that SAGE is already practical today for executing code in a trustworthy way on GPUs without specific hardware support