Abstract / Description of output
Middleboxes that process confidential data cannot be securely deployed in untrusted cloud environments. To securely outsource middleboxes to the cloud, state-of-the-art systems advocate network processing over encrypted traffic. Unfortunately, these systems support only restrictive functionalities and incur prohibitively high overheads.
This motivated the design of ShieldBox: a secure middlebox framework for deploying high-performance network functions (NFs) over untrusted commodity servers. ShieldBox securely processes encrypted traffic inside a secure container by leveraging shielded execution. More specifically, ShieldBox builds on hardware-assisted memory protection based on Intel SGX to provide strong confidentiality and integrity guarantees. For middlebox developers, ShieldBox exposes a generic interface based on Click to design and implement a wide range of NFs using its out-of-the-box elements and C++ extensions. For network operators, ShieldBox provides configuration and attestation services for seamless and verifiable deployment of middleboxes. We have implemented ShieldBox with the important end-to-end features required for secure network processing, together with performance optimizations. Our extensive evaluation shows that ShieldBox achieves near-native throughput and latency while securely processing confidential data at line rate.
| Original language | English |
|---|---|
| Title of host publication | SOSR 2018: Symposium on SDN Research |
| Place of Publication | Los Angeles, CA |
| Publisher | ACM |
| Number of pages | 14 |
| ISBN (Electronic) | 978-1-4503-5664-0 |
| DOIs | |
| Publication status | Published - 28 Mar 2018 |
| Event | Symposium on SDN Research, Los Angeles, United States, 28 Mar 2018 → 29 Mar 2018, http://conferences.sigcomm.org/sosr/2018/index.html |
Conference
| Conference | Symposium on SDN Research |
|---|---|
| Abbreviated title | SOSR'18 |
| Country/Territory | United States |
| City | Los Angeles |
| Period | 28/03/18 → 29/03/18 |
| Internet address | |