Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution
ENDBOX enable secure networking by client-Side trusted execution.
What
ENDBOX is a scalable middlebox that enable secure networking by client-Side trusted execution.
Why
- Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
- Problems of Current Middleboxes:
- Centralized hardware -> expensive, vulnerable, limited scalability.
- Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
- Client-Side Middleboxes Functionality has problems -> Leverage trusted execution
- Both users and client machines cannot be trusted.
- Users are forced to use middlebox function.
How
- Shifting Middleboxes to clients.
- Middlebox functions run inside enclave.
- Route packets through SGX enclaves using VPN tunnel.
Some Detail
- Middleboxes: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
- Using OpenVPN v2.4.0 & Click Modular Router for compare in multiple use cases:
- Forwarding (FOR)
- Firewall (FW)
- Intrusion Prevention (IDPS)
- Load balancer (LB)
- DDoS protection (DDoS)
- Evaluation:
- Throughput: Different packet size compare.
- CPU usage & Throughput: Different clients number.
Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution的更多相关文章
- SAP NOTE 1999997 - FAQ: SAP HANA Memory
Symptom You have questions related to the SAP HANA memory. You experience a high memory utilization ...
- Linux下的C Socket编程 -- 简介与client端的处理
Linux下的C Socket编程(一) 介绍 Socket是进程间通信的方式之一,是进程间的通信.这里说的进程并不一定是在同一台机器上也有可能是通过网络连接的不同机器上.只要他们之间建立起了sock ...
- go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用)
目录 go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用) warden direct demo-server gr ...
- Caching Tutorial
for Web Authors and Webmasters This is an informational document. Although technical in nature, it a ...
- (转) [it-ebooks]电子书列表
[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...
- squid源码安装下的conf文件默认值和提示
# WELCOME TO SQUID 3.0.STABLE26# ----------------------------## This is the default Squid c ...
- Hadoop官方文档翻译——MapReduce Tutorial
MapReduce Tutorial(个人指导) Purpose(目的) Prerequisites(必备条件) Overview(综述) Inputs and Outputs(输入输出) MapRe ...
- OpenMP初步(英文)
Beginning OpenMP OpenMP provides a straight-forward interface to write software that can use multipl ...
- Linux下Nagios的安装与配置
一.本文说明 本文是在参考:http://www.cnblogs.com/mchina/archive/2013/02/20/2883404.html David_Tang文章以及网上的一些资料完 ...
随机推荐
- python第八篇:十分钟学会Flask
什么是Flask Flask是一个基于Python并且依赖于Jinja2模板引擎和Werkzeug WSGI服务的一个微型框架 Flask中包含一个轻量级的web 服务器主要用于在开发阶段测试使用 F ...
- js 跨域复习 window.name | window.domain | iframe | Jsonp
引起跨域的原因: 浏览器的同源策略,但是当你要发送请求的时候,出于安全性问题,浏览器有严格的要求,必须协议,域名,端口都相同,这个就是同源策略. 影响:a通过js脚本向b发送ajax请求,不同源就会报 ...
- thinkphp微信开发(消息加密解密)
使用thinkphp官方的WeChat包,使用不同模式可以成功,但是安全模式就是不行,现将分析解决结果做下记录. 分析问题: 解密微信服务器消息老是不成功,下载下微信公众平台官方给出的解密文件和Wec ...
- MFC工程名称与所包含文件名称的关系(工程名可以更改,输出的.dll.exe.lib都以最后工程名命名为准)
创建MFC应用程序时,可以规定MFC程序的工程名称,假设初始为MFCApp,则此后该应用程序的资源文件名称,继承自CWinApp的那个类,包括.def文件,.odl文件等都会以MFCApp打头. 但是 ...
- web网页打印的方法
WebBrowser.ExecWB的完整说明 个人感觉的:致命缺点-----------------仅仅支持ie浏览器 document.all.WebBrowser.ExecWB WebBrowse ...
- LiveMediaStreamer
LiveMediaStreamer is an open source multimedia framework that allows the manipulation of multiple au ...
- VC6++常用快捷键
VC6快捷键大全(转载) VC6快捷键大全,记在这里,方便查阅.F1: 帮助Ctrl+O :OpenCtrl+P :PrintCtrl+N :NewCtrl+Shift+F2 :清除所有书签F2 :上 ...
- S3C2410中文芯片手册-11.串口
目录 11 UART Overview Featrues UART Operation Data Transmission Data Reception Auto Flow Control(AFC) ...
- [转]由Tencent://Message协议想到的一个解决方案
源代码下载:http://files.cnblogs.com/phinecos/HelloWorldProtocal.rar 前天在BruceZhang的一篇博文<求助:如何在ASP页面中调用W ...
- HDOJ1171(多重背包)
#include<iostream> #include<cstdio> using namespace std; #define MAX(a,b) (a>b)?a:b + ...