ENDBOX enable secure networking by client-Side trusted execution.

What

ENDBOX is a scalable middlebox that enable secure networking by client-Side trusted execution.

Why

  • Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
  • Problems of Current Middleboxes:
    • Centralized hardware -> expensive, vulnerable, limited scalability.
    • Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
  • Client-Side Middleboxes Functionality has problems -> Leverage trusted execution
    • Both users and client machines cannot be trusted.
    • Users are forced to use middlebox function.

How

  • Shifting Middleboxes to clients.
  • Middlebox functions run inside enclave.
  • Route packets through SGX enclaves using VPN tunnel.

Some Detail

  • Middleboxes: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
  • Using OpenVPN v2.4.0 & Click Modular Router for compare in multiple use cases:
    • Forwarding (FOR)
    • Firewall (FW)
    • Intrusion Prevention (IDPS)
    • Load balancer (LB)
    • DDoS protection (DDoS)
  • Evaluation:
    • Throughput: Different packet size compare.
    • CPU usage & Throughput: Different clients number.

Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution的更多相关文章

  1. SAP NOTE 1999997 - FAQ: SAP HANA Memory

    Symptom You have questions related to the SAP HANA memory. You experience a high memory utilization ...

  2. Linux下的C Socket编程 -- 简介与client端的处理

    Linux下的C Socket编程(一) 介绍 Socket是进程间通信的方式之一,是进程间的通信.这里说的进程并不一定是在同一台机器上也有可能是通过网络连接的不同机器上.只要他们之间建立起了sock ...

  3. go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用)

    目录 go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用) warden direct demo-server gr ...

  4. Caching Tutorial

    for Web Authors and Webmasters This is an informational document. Although technical in nature, it a ...

  5. (转) [it-ebooks]电子书列表

    [it-ebooks]电子书列表   [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...

  6. squid源码安装下的conf文件默认值和提示

    #    WELCOME TO SQUID 3.0.STABLE26#    ----------------------------##    This is the default Squid c ...

  7. Hadoop官方文档翻译——MapReduce Tutorial

    MapReduce Tutorial(个人指导) Purpose(目的) Prerequisites(必备条件) Overview(综述) Inputs and Outputs(输入输出) MapRe ...

  8. OpenMP初步(英文)

    Beginning OpenMP OpenMP provides a straight-forward interface to write software that can use multipl ...

  9. Linux下Nagios的安装与配置

    一.本文说明 本文是在参考:http://www.cnblogs.com/mchina/archive/2013/02/20/2883404.html   David_Tang文章以及网上的一些资料完 ...

随机推荐

  1. java:解决eclipse配置Tomcat时找不到server选项

    http://blog.csdn.net/wugangsunny/article/details/25246565 集成Eclipse和Tomcat时找不到server选项: 按照网上的步骤如下: 在 ...

  2. 使用mybatis-generator插件结合tk.mybatis自动生成mapper二三事

    本篇文章将介绍使用spring boot框架,引入mybatis-generator插件,结合tk.mybatis自动生成Mapper和Entity的一整套流程,其中包括最重要的踩坑与填坑.     ...

  3. 12 Python 函数

    初识函数定义与调用 定义:def 关键词开头,空格之后接函数名称和圆括号(),最后还有一个":". def 是固定的,不能变,必须是连续的def三个字母,不能分开...它们要相亲相 ...

  4. Java企业微信开发_07_总结一下企业微信的配置

    一.企业微信后台 1.回调url 2.可信域名 3.菜单跳转按钮中的链接 4.PC端网页授权 二.代码内 1.企业微信的配置信息:WeiXinParamesUtil

  5. LiveMediaStreamer

    LiveMediaStreamer is an open source multimedia framework that allows the manipulation of multiple au ...

  6. 装了Ironpython还需要装Python吗?

    IronPython 是一种在 NET 和 Mono 上实现的 Python 语言,由 Jim Hugunin(同时也是 Jython 创造者)所创造.IronPython是优雅的python编程语言 ...

  7. [转]JS内存泄漏排查方法(Chrome Profiles)

    Google Chrome浏览器提供了非常强大的JS调试工具,Heap Profiling便是其中一个.Heap Profiling可以记录当前的堆内存(heap)快照,并生成对象的描述文件,该描述文 ...

  8. bzoj 2039 & 洛谷 P1791 人员雇佣 —— 二元关系最小割

    题目:https://www.lydsy.com/JudgeOnline/problem.php?id=2039 https://www.luogu.org/problemnew/show/P1791 ...

  9. 【转】LCS

    动态规划法 经常会遇到复杂问题不能简单地分解成几个子问题,而会分解出一系列的子问题.简单地采用把大问题分解成子问题,并综合子问题的解导出大问题的解的方法,问题求解耗时会按问题规模呈幂级数增加. 为了节 ...

  10. linux 下查看某个进程中线程运行在哪个CPU上

    运行程序,使用命令top查看指定的进程的PID: 然后使用命令: top -H -p PID 按f键,并使用上下切换,利用空格键选中nTH,P: 按esc键,P所在的列就是线程运行的CPU号: