Memory Auditing for Detection of Compromised Switches in Software-Defined Networks Using Trusted Execution Environment

  • Filipe Augusto da Luz LemosEmail author
  • Rubens Alexandre de Faria
  • Paulo Jose Abatti
  • Mauro Sergio Pereira Fonseca
  • Keiko Veronica Ono Fonseca
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 152)


Current solutions for detecting compromised switches in software-defined network (SDN) usually rely on the monitoring of the network traffic or conformance of the packets traversing through them and the rules defined by the controllers. Although satisfying, those solutions cannot detect a switch that has been compromised if it is not acting maliciously at the moment of the traffic monitoring as sleeper agents, which can pose as a national security risk when defense networks are the targets. An architecture capable of auditing the memory of switches in software-defined networks is proposed as a solution to detect compromised switches even when they are not acting maliciously and only leave micro-traces of its activities. This auditing should be able to verify the conformity between what is in the memory and the flow rules set by the controllers without overusing the system resources. A trusted execution environment is also proposed to improve the security of the auditing processes.


Software-defined networks Memory auditing Compromised switches Trusted execution environment Sleeper agents 



This research work explores possible applications for TEE and secure and scalable cloud applications as part of the EU-BR SecureCloud project. The project has been receiving funds granted from the 3rd EU-BR Coordinated Call (Brazilian Ministry of Science, Technology and Innovation, MCTIC/RNP, BR grant agreements 2550, 2549, 2553, 2552 and 2568) and European Union Horizon 2020 programme—EU Grant Agreement 690111). The project is also supported by the Swiss State Secretariat for Education, Research and Innovation (SERI). This research work also explores possible security solutions for forensics applications under the CAPES Pró-Forenses Project 025/2014.


  1. 1.
    Nunes, B.A.A., Mendonca, M., Nguyen, X., Obraczka, K., Turletti, T.: A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun. Surv. Tutor. 16(3), 1617–1634, (2014). (Third Quarter). Scholar
  2. 2.
    Nadeau, T.D., Gray, W.K., SDN - Software Defined Networks: O’Reilly (2013). ISBN: 1449342426Google Scholar
  3. 3.
    Van Trung, P., Huong, T.T., Van Tuyen, D., Duc, D.M., Thanh, N.H., Marshall, A.: A multi-criteria-based DDoS-attack prevention solution using software defined networking. In: 2015 International Conference on Advanced Technologies for Communications (ATC), pp. 308-313. Ho Chi Minh City (2015).
  4. 4.
    Zhou, H., et al.: SDN-RDCD: a real-time and reliable method for detecting compromised SDN devices. IEEE/ACM Trans. Netw. 26(5), 2048–2061 (2018). Scholar
  5. 5.
    Dabbagh, M., Hamdaoui, B., Guizani, M., Rayes, A.: Software-defined networking security: pros and cons. IEEE Commun. Mag. 53(6), 73–79 (2015). Scholar
  6. 6.
    Price, D.: A guide to cyber intelligence. J. US Intell. Stud. 21(1) (2014–2015)Google Scholar
  7. 7.
    Robterson, J., Riley, M.: The big hack: how China used a tiny chip to infiltrate U.S. companies. Bloomberg Businessweek, 4 Oct 2018Google Scholar
  8. 8.
    Intel Corporation, Intel Software Guard Extensions (Intel SGX), Website, Accessed December 14 2018Google Scholar
  9. 9.
    Open Networking Foundation, OpenFlow Switch Specification, Version 1.5.1 (Protocol version 0x06), 26 March 2015Google Scholar
  10. 10.
    Newman, L.H.: Spectre-Like Flaw Undermines Intel Processors’ Most Secure Element. Wired, 14 Aug 2018Google Scholar
  11. 11.
    Pereira, L., et al.: Using Intel SGX to enforce auditing of running software in insecure environments. In: The 10th IEEE International Conference on Cloud Computing Technology and Science (2018)Google Scholar
  12. 12.
    Gelberger, A., Yemini, N., Giladi, R.: Performance analysis of software-defined networking (SDN). In: IEEE 21st International Symposium on Modelling, Analysis and Simulation of Computer and Telecommunication Systems, San Francisco, CA 2013, pp. 389–393 (2013).
  13. 13.
    Costa, R.S., Pigatto, D.F., Fonseca, K.V.O., Rosa, M.O.: Securing Video on Demand Content with SGX: A Decryption Performance Evaluation in Client-Side, Simposio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), [S.l.], pp. 127–140 (2018)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Filipe Augusto da Luz Lemos
    • 1
    Email author
  • Rubens Alexandre de Faria
    • 1
  • Paulo Jose Abatti
    • 1
  • Mauro Sergio Pereira Fonseca
    • 1
  • Keiko Veronica Ono Fonseca
    • 1
  1. 1.Federal University of Technology - ParanaCuritibaBrazil

Personalised recommendations