
Research On Security Enhancement For Virtual Intrusion Detection Systems Based On SGX

Posted on: 2019-08-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z Hong
Full Text: PDF
GTID: 2428330545986911
Subject: Information security

Abstract/Summary:
Network Function Virtualization (NFV) is an architecture that decouples network functions from specific hardware. It combines standard hardware with virtualization technologies and implements network functions in software. As a result, network functions such as IDS, firewalls and gateways no longer need to rely on proprietary network equipment and can be deployed flexibly as software. A Virtual Network Function (VNF) is an instance of a network function running on virtual resources in the NFV architecture. Network function virtualization frees network services from dependencies on the underlying hardware, allows full and flexible sharing of resources, and enables rapid development and deployment of new services. Compared with traditional network equipment, however, the VNF that actually carries the network function in NFV faces its own integrity and confidentiality risks because it runs in an open, shared environment. These risks come both from other application instances on the same platform and from the underlying platform itself.

An Intrusion Detection System (IDS) is a common network function. It monitors the data transmitted in the network and responds in time to protect the security of the internal network. When an IDS is deployed in a virtual environment, its internal components, configuration files, matching rules and other important parts may be tampered with or leaked. SGX (Software Guard Extensions) is a CPU-based security extension provided by Intel that offers a trusted execution environment for applications.

In this paper, we propose an SGX-based security enhancement method for virtual IDS, using Intel SGX technology to build a security-enhanced virtual intrusion detection system. In addition, we extend the remote attestation mechanism of SGX to meet the need for remote attestation of outsourced virtual network functions, and propose a new SGX remote attestation scheme. In this scheme, the user can attest the cloud-based virtual IDS service and send encrypted data packets to the cloud-based virtual IDS for processing through a secure channel, thereby protecting the privacy of the user's data. Finally, to address the performance overhead that SGX incurs through state switching and memory encryption and decryption, this paper proposes an optimized solution that reduces the SGX performance overhead, so that the performance loss is minimized while the security of the virtual IDS is protected.

We implemented our solution on top of the open source intrusion detection system Snort and evaluated system functionality and performance on a real physical SGX platform. The experimental results show that our method protects the security of the virtual IDS's key code, configuration and policy state.
Keywords/Search Tags: Network Function Virtualization, Intrusion Detection System, SGX, Remote Attestation