Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution
ENDBOX enables secure networking through client-side trusted execution.
What
ENDBOX is a scalable middlebox that enables secure networking through client-side trusted execution.
Why
- Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
- Problems of current middleboxes:
  - Centralized hardware -> expensive, vulnerable, limited scalability.
  - Offloading to cloud services -> higher complexity and latency, requires trust in the cloud provider, processing of encrypted traffic is problematic.
- Client-side middlebox functionality has problems -> leverage trusted execution:
  - Neither users nor client machines can be trusted.
  - Users are forced to use the middlebox function.
How
- Shift middlebox functions to the clients.
- Middlebox functions run inside an enclave.
- Route packets through SGX enclaves using a VPN tunnel.
Some Detail
- Middlebox: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
- Uses OpenVPN v2.4.0 and the Click Modular Router, compared across multiple use cases:
  - Forwarding (FOR)
  - Firewall (FW)
  - Intrusion Prevention (IDPS)
  - Load balancer (LB)
  - DDoS protection (DDoS)
- Evaluation:
  - Throughput: compared across different packet sizes.
  - CPU usage and throughput: compared across different numbers of clients.