Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution
ENDBOX enable secure networking by client-Side trusted execution.
What
ENDBOX is a scalable middlebox that enable secure networking by client-Side trusted execution.
Why
- Network attacks -> Operators use middleboxes to improve network performance and security -> High costs.
- Problems of Current Middleboxes:
- Centralized hardware -> expensive, vulnerable, limited scalability.
- Offloading to cloud services -> higher complexity and latency, requires trust in cloud provider, processing of encrypted traffic problematic.
- Client-Side Middleboxes Functionality has problems -> Leverage trusted execution
- Both users and client machines cannot be trusted.
- Users are forced to use middlebox function.
How
- Shifting Middleboxes to clients.
- Middlebox functions run inside enclave.
- Route packets through SGX enclaves using VPN tunnel.
Some Detail
- Middleboxes: a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
- Using OpenVPN v2.4.0 & Click Modular Router for compare in multiple use cases:
- Forwarding (FOR)
- Firewall (FW)
- Intrusion Prevention (IDPS)
- Load balancer (LB)
- DDoS protection (DDoS)
- Evaluation:
- Throughput: Different packet size compare.
- CPU usage & Throughput: Different clients number.
Note: ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution的更多相关文章
- SAP NOTE 1999997 - FAQ: SAP HANA Memory
Symptom You have questions related to the SAP HANA memory. You experience a high memory utilization ...
- Linux下的C Socket编程 -- 简介与client端的处理
Linux下的C Socket编程(一) 介绍 Socket是进程间通信的方式之一,是进程间的通信.这里说的进程并不一定是在同一台机器上也有可能是通过网络连接的不同机器上.只要他们之间建立起了sock ...
- go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用)
目录 go微服务框架kratos学习笔记四(kratos warden-quickstart warden-direct方式client调用) warden direct demo-server gr ...
- Caching Tutorial
for Web Authors and Webmasters This is an informational document. Although technical in nature, it a ...
- (转) [it-ebooks]电子书列表
[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...
- squid源码安装下的conf文件默认值和提示
# WELCOME TO SQUID 3.0.STABLE26# ----------------------------## This is the default Squid c ...
- Hadoop官方文档翻译——MapReduce Tutorial
MapReduce Tutorial(个人指导) Purpose(目的) Prerequisites(必备条件) Overview(综述) Inputs and Outputs(输入输出) MapRe ...
- OpenMP初步(英文)
Beginning OpenMP OpenMP provides a straight-forward interface to write software that can use multipl ...
- Linux下Nagios的安装与配置
一.本文说明 本文是在参考:http://www.cnblogs.com/mchina/archive/2013/02/20/2883404.html David_Tang文章以及网上的一些资料完 ...
随机推荐
- 属性 visibility
http://www.w3school.com.cn/cssref/pr_class_visibility.asp 可能的值 值 描述 visible 默认值.元素是可见的. hidden 元素是不可 ...
- Codeforces 876B Divisiblity of Differences:数学【任意两数之差为k的倍数】
题目链接:http://codeforces.com/contest/876/problem/B 题意: 给你n个数a[i],让你找出一个大小为k的集合,使得集合中的数两两之差为m的倍数. 若有多解, ...
- 实现两个窗口通信方法-postMessage
此方案可解决跨域而且跨Iframe,而且http和https之间的交互 首先来看一下基本的语法 otherWindow.postMessage(message, targetOrigin, [tran ...
- Linux下视频流媒体直播服务器搭建详解
目标: 搭建网络直播流媒体服务器系统(Linux操作系统) 背景: 用于OTT-TV大并发的直播和点播的一套流媒体服务器系统.支持N x 24小时录制回看和直播的服务器端解决方案. 解决方案: l ...
- 使用 nginx 和 rtmp 插件搭建视频直播和点播服务器
使用 nginx 和 rtmp 模块 ,可以很容易地搭建一个视频直播和点播服务器出来. 首先,看一下最经典的参考文献: How to set up your own private RTMP serv ...
- Hihocoder1662 : 查找三阶幻方([Offer收割]编程练习赛40)(暴力)
时间限制:10000ms 单点时限:1000ms 内存限制:256MB 描述 给定一个N x M的矩阵,请你数一数其中有多少个3 x 3的子矩阵可以构成三阶幻方? 如果3 x 3的矩阵中每一行.每一列 ...
- 2017-2018-1 20179203 《Linux内核原理与分析》第三周作业
攥写人:李鹏举 学号:20179203 ( 原创作品转载请注明出处) ( 学习课程:<Linux内核分析>MOOC课程http://mooc.study.163.com/course/US ...
- BZOJ3680:吊打XXX
我对模拟退火的理解:https://www.cnblogs.com/AKMer/p/9580982.html 我对爬山的理解:https://www.cnblogs.com/AKMer/p/95552 ...
- k8s 基础 问题
vim /usr/lib/systemd/system/docker.service --insecure-registry registry.access.redhat.com \ ubelet.s ...
- mysql主从服务器复制原理
在实际企业应用环境当中,单台mysql数据库是不足以满足日后业务需求的.譬如服务器发生故障,没有备份服务器来提供服务的话,业务就得停止.介于这种情况,我们来学习一下mysql主从复制. 将Mysql的 ...