ENDBOX enable secure networking by client-Side trusted execution.

What

ENDBOX is a scalable middlebox that enable secure networking by client-Side trusted execution.

Why

  • Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
  • Problems of Current Middleboxes:
    • Centralized hardware -> expensive, vulnerable, limited scalability.
    • Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
  • Client-Side Middleboxes Functionality has problems -> Leverage trusted execution
    • Both users and client machines cannot be trusted.
    • Users are forced to use middlebox function.

How

  • Shifting Middleboxes to clients.
  • Middlebox functions run inside enclave.
  • Route packets through SGX enclaves using VPN tunnel.

Some Detail

  • Middleboxes: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
  • Using OpenVPN v2.4.0 & Click Modular Router for compare in multiple use cases:
    • Forwarding (FOR)
    • Firewall (FW)
    • Intrusion Prevention (IDPS)
    • Load balancer (LB)
    • DDoS protection (DDoS)
  • Evaluation:
    • Throughput: Different packet size compare.
    • CPU usage & Throughput: Different clients number.

Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution的更多相关文章

  1. SAP NOTE 1999997 - FAQ: SAP HANA Memory

    Symptom You have questions related to the SAP HANA memory. You experience a high memory utilization ...

  2. Linux下的C Socket编程 -- 简介与client端的处理

    Linux下的C Socket编程(一) 介绍 Socket是进程间通信的方式之一,是进程间的通信.这里说的进程并不一定是在同一台机器上也有可能是通过网络连接的不同机器上.只要他们之间建立起了sock ...

  3. go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用)

    目录 go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用) warden direct demo-server gr ...

  4. Caching Tutorial

    for Web Authors and Webmasters This is an informational document. Although technical in nature, it a ...

  5. (转) [it-ebooks]电子书列表

    [it-ebooks]电子书列表   [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...

  6. squid源码安装下的conf文件默认值和提示

    #    WELCOME TO SQUID 3.0.STABLE26#    ----------------------------##    This is the default Squid c ...

  7. Hadoop官方文档翻译——MapReduce Tutorial

    MapReduce Tutorial(个人指导) Purpose(目的) Prerequisites(必备条件) Overview(综述) Inputs and Outputs(输入输出) MapRe ...

  8. OpenMP初步(英文)

    Beginning OpenMP OpenMP provides a straight-forward interface to write software that can use multipl ...

  9. Linux下Nagios的安装与配置

    一.本文说明 本文是在参考:http://www.cnblogs.com/mchina/archive/2013/02/20/2883404.html   David_Tang文章以及网上的一些资料完 ...

随机推荐

  1. vs2017调用目标发生了异常

    解决办法: 1. 在开始菜单,找到“Visual Studio Tools”文件夹中的“VS 2017的开发人员命令提示符 ” 运行. 2. 输入:devenv /Safemode 3. 会以安全模式 ...

  2. 目标检测 — Inception-ResNet-v2

    这篇文章介绍的网络有Inception V1.Inception V2.Inception V3.Inception V4与Inception-ResNet-V2. 1.Inception V1 主要 ...

  3. 一致性问题和Raft一致性算法——一致性问题是无法彻底解决的,可以说一个分布式系统可靠性达到99.99…%,但不能说它达到了100%

    一致性问题 一致性算法是用来解决一致性问题的,那么什么是一致性问题呢? 在分布式系统中,一致性问题(consensus problem)是指对于一组服务器,给定一组操作,我们需要一个协议使得最后它们的 ...

  4. 一次websocket的抓包体验

    一个简单的demo 我们知道websocket一种服务端推送技术,首先Websocket是基于HTTP协议的,或者说借用了HTTP的协议来完成一部分握手.后续数据传递是基于TCP的. 客户端代码 &l ...

  5. BeanUtils介绍及使用

    JavaBeans事实上有三层含义.首先,JavaBeans是一种规范,一种在Java(包括JSP)中可重复使用的Java组件的技术规范,也可以说成我们常说的接口.其次,JavaBeans是一个Jav ...

  6. 51nod 1686 第K大区间 二分瞎搞

    题目: 定义一个区间的值为其众数出现的次数. 现给出n个数,求将所有区间的值排序后,第K大的值为多少. 题解: 答案明显单调,我们考虑二分答案. 转化为判定问题后我们需要观察到一个性质: 如果一个区间 ...

  7. 【LeetCode】081. Search in Rotated Sorted Array II

    题目: Follow up for "Search in Rotated Sorted Array":What if duplicates are allowed? Would t ...

  8. java判断一个类是否公共类

    Modifier.isPublic([类].getModifiers()) Modifier.isAbstract([类].getModifiers())

  9. bzoj 2850 巧克力王国 —— K-D树

    题目:https://www.lydsy.com/JudgeOnline/problem.php?id=2850 只要暴力判断是否全选一个子树或全不选,如果都不是就进入查询: 要注意值有负,所以不是直 ...

  10. poj 2187 Beauty Contest —— 旋转卡壳

    题目:http://poj.org/problem?id=2187 学习资料:https://blog.csdn.net/wang_heng199/article/details/74477738 h ...