ShieldBox: Secure Middleboxes using Shielded Execution

Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, Christof Fetzer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract / Description of output

Middleboxes that process confidential data cannot be securely deployed in untrusted cloud environments. To securely outsource middleboxes to the cloud, state-of-the-art systems advocate network processing over encrypted traffic. Unfortunately, these systems support only restricted functionality and incur prohibitively high overheads.

This motivated the design of ShieldBox—a secure middlebox framework for deploying high-performance network functions (NFs) over untrusted commodity servers. ShieldBox securely processes encrypted traffic inside a secure container by leveraging shielded execution. More specifically, ShieldBox builds on hardware-assisted memory protection based on Intel SGX to provide strong confidentiality and integrity guarantees. For middlebox developers, ShieldBox exposes a generic interface based on Click to design and implement a wide range of NFs using its out-of-the-box elements and C++ extensions. For network operators, ShieldBox provides configuration and attestation services for seamless and verifiable deployment of middleboxes. We have implemented ShieldBox with the important end-to-end features required for secure network processing, along with performance optimizations. Our extensive evaluation shows that ShieldBox achieves near-native throughput and latency while securely processing confidential data at line rate.
Original language: English
Title of host publication: SOSR 2018: Symposium on SDN Research
Place of Publication: Los Angeles, CA
Publisher: ACM
Number of pages: 14
ISBN (Electronic): 978-1-4503-5664-0
DOIs
Publication status: Published - 28 Mar 2018
Event: Symposium on SDN Research - Los Angeles, United States
Duration: 28 Mar 2018 - 29 Mar 2018
http://conferences.sigcomm.org/sosr/2018/index.html

Conference

Conference: Symposium on SDN Research
Abbreviated title: SOSR'18
Country/Territory: United States
City: Los Angeles
Period: 28/03/18 - 29/03/18
Internet address: http://conferences.sigcomm.org/sosr/2018/index.html
