Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution
ENDBOX enable secure networking by client-Side trusted execution.
What
ENDBOX is a scalable middlebox that enable secure networking by client-Side trusted execution.
Why
- Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
- Problems of Current Middleboxes:
- Centralized hardware -> expensive, vulnerable, limited scalability.
- Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
- Client-Side Middleboxes Functionality has problems -> Leverage trusted execution
- Both users and client machines cannot be trusted.
- Users are forced to use middlebox function.
How
- Shifting Middleboxes to clients.
- Middlebox functions run inside enclave.
- Route packets through SGX enclaves using VPN tunnel.
Some Detail
- Middleboxes: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
- Using OpenVPN v2.4.0 & Click Modular Router for compare in multiple use cases:
- Forwarding (FOR)
- Firewall (FW)
- Intrusion Prevention (IDPS)
- Load balancer (LB)
- DDoS protection (DDoS)
- Evaluation:
- Throughput: Different packet size compare.
- CPU usage & Throughput: Different clients number.
Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution的更多相关文章
- SAP NOTE 1999997 - FAQ: SAP HANA Memory
Symptom You have questions related to the SAP HANA memory. You experience a high memory utilization ...
- Linux下的C Socket编程 -- 简介与client端的处理
Linux下的C Socket编程(一) 介绍 Socket是进程间通信的方式之一,是进程间的通信.这里说的进程并不一定是在同一台机器上也有可能是通过网络连接的不同机器上.只要他们之间建立起了sock ...
- go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用)
目录 go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用) warden direct demo-server gr ...
- Caching Tutorial
for Web Authors and Webmasters This is an informational document. Although technical in nature, it a ...
- (转) [it-ebooks]电子书列表
[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...
- squid源码安装下的conf文件默认值和提示
# WELCOME TO SQUID 3.0.STABLE26# ----------------------------## This is the default Squid c ...
- Hadoop官方文档翻译——MapReduce Tutorial
MapReduce Tutorial(个人指导) Purpose(目的) Prerequisites(必备条件) Overview(综述) Inputs and Outputs(输入输出) MapRe ...
- OpenMP初步(英文)
Beginning OpenMP OpenMP provides a straight-forward interface to write software that can use multipl ...
- Linux下Nagios的安装与配置
一.本文说明 本文是在参考:http://www.cnblogs.com/mchina/archive/2013/02/20/2883404.html David_Tang文章以及网上的一些资料完 ...
随机推荐
- 图文了解 Kafka 的副本复制机制
让分布式系统的操作变得简单,在某种程度上是一种艺术,通常这种实现都是从大量的实践中总结得到的.Apache Kafka 的受欢迎程度在很大程度上归功于其设计和操作简单性.随着社区添加更多功能,开发者们 ...
- ava:Map借口及其子类HashMap三
ava:Map借口及其子类HashMap三 HashMap常用子类(异步非安全线程,性能高: Hashtable:同步的安全线程,性能低) map(HashMap)中的key,value可以通过 Se ...
- Python基础之元组操作
元组的常用操作包括但不限于以下操作: 元组的索引,计数等 这里将对列表的内置操作方法进行总结归纳,重点是以示例的方式进行展示. 使用type获取创建对象的类 type(tuple) 使用dir获取类的 ...
- Hibernate学习---第十五节:hibernate二级缓存
1.二级缓存所需要的 jar 包 这三个 jar 包实在 hibernate 解压缩文件夹的 lib\optional\ehcache 目录下 2.配置 ehcache.xml <ehcache ...
- LSM Tree 学习笔记——MemTable通常用 SkipList 来实现
最近发现很多数据库都使用了 LSM Tree 的存储模型,包括 LevelDB,HBase,Google BigTable,Cassandra,InfluxDB 等.之前还没有留意这么设计的原因,最近 ...
- java String final + equal == 区别
java String 是不可改变的类型. String a = "hello2"; String d = "hello"; final String b = ...
- 【遍历二叉树】09判断二叉树是否关于自己镜像对称【Symmetric Tree】
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 给定一个二叉树,判断是否他自己的镜 ...
- luogu1833 樱花
背包问题小合集 01背包 完全背包 多重背包混着来 对于01背包:把它想象成最大物品数为1的多重背包 对于完全背包:把它想象成最大物品数为m/w[i]的多重背包 对于多重背包:把它想象成...等等这本 ...
- Gym - 101196:F Removal Game(区间DP)
题意:一个环状数组,给定可以删去一个数,代价的相邻两个数的gcd,求最小代价. 思路:区间DP即可,dp[i][j]表示[i,j]区间只剩下i和j时的最小代价,那么dp[i][j]=min dp[i ...
- bzoj 3752: Hack 预处理+暴力dfs
题目大意: 定义字符串的hash值\(h = \sum_{i=0}^{n-1}p^{n-i-1}s_i\) 现在给定K个长度不超过L的字符串S,对于每个字符串S,求字典序最小长度不超过L的字符串T使得 ...