ENDBOX enables secure networking through client-side trusted execution.

What

ENDBOX is a scalable middlebox that enables secure networking through client-side trusted execution.

Why

  • Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
  • Problems of Current Middleboxes:
    • Centralized hardware -> expensive, vulnerable, limited scalability.
    • Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
  • Client-side middlebox functionality has problems -> Leverage trusted execution
    • Both users and client machines cannot be trusted.
    • Users are forced to use the middlebox function.

How

  • Shifting Middleboxes to clients.
  • Middlebox functions run inside enclave.
  • Route packets through SGX enclaves using VPN tunnel.
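
A toy model of the design in the list above, as an added example that is not code from ENDBOX or from the original note: the middlebox function and the tunnel key sit together inside an `Enclave` class, and the gateway accepts only frames authenticated with that key, so traffic that skips the enclave is dropped. The class names, the HMAC framing standing in for the VPN tunnel, the blocked ports, and the assumption that the key exists only inside the enclave are all illustrative.

```python
import hashlib
import hmac
import os

BLOCKED_PORTS = {23, 445}  # constructed firewall policy for the example
TAG_LEN = 32               # SHA-256 HMAC tag length in bytes


class Enclave:
    """Stand-in for the SGX enclave: holds the tunnel key and the middlebox function."""

    def __init__(self, tunnel_key):
        self._key = tunnel_key  # assumption: the key is never visible to the untrusted host

    def send(self, dst_port, payload):
        # The middlebox function (a firewall here) runs before the packet is sealed.
        if dst_port in BLOCKED_PORTS:
            return None
        body = dst_port.to_bytes(2, "big") + payload
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class Gateway:
    """Network-side tunnel endpoint: forwards only frames sealed with the tunnel key."""

    def __init__(self, tunnel_key):
        self._key = tunnel_key

    def accept(self, frame):
        if len(frame) < 2 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def demo():
    key = os.urandom(32)
    enclave, gateway = Enclave(key), Gateway(key)
    allowed = enclave.send(443, b"GET /")
    # Untrusted host skips the enclave and guesses a tag for a blocked port.
    bypass = (23).to_bytes(2, "big") + b"telnet" + os.urandom(TAG_LEN)
    # Untrusted host rewrites the port of a sealed frame after it left the enclave.
    tampered = allowed[:1] + bytes([allowed[1] ^ 1]) + allowed[2:]
    return {
        "allowed": gateway.accept(allowed),
        "blocked_in_enclave": enclave.send(23, b"telnet") is None,
        "bypass": gateway.accept(bypass),
        "tampered": gateway.accept(tampered),
    }


if __name__ == "__main__":
    print(demo())
```

A real VPN tunnel also encrypts the payload; the model keeps only the authentication step because that is what ties network access to passing through the enclave.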

Some Detail

  • Middlebox: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
  • Uses OpenVPN v2.4.0 and the Click Modular Router for comparison across multiple use cases:
    • Forwarding (FOR)
    • Firewall (FW)
    • Intrusion Prevention (IDPS)
    • Load balancer (LB)
    • DDoS protection (DDoS)
  • Evaluation:
    • Throughput: compared across different packet sizes.
    • CPU usage and throughput: compared across different numbers of clients.
