Network Convergence & Security Laboratory

Abstract

Running off-site software middleboxes at third-party service providers has become a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata, such as low-level headers, packet sizes and packet counts, can be exploited to infer supposedly encrypted application contents. Meanwhile, tracking the states of hundreds of thousands of flows concurrently is often indispensable in production-level middleboxes deployed in real networks.

We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if they came from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all of its security benefits, achieves 10 Gbps packet I/O, and case studies on three stateful middleboxes show that it operates at near-native speed.

Seminar posts

Title | Author | Recommendations | Views | Posted
[2020.03.18] Encoding Social Information with Graph Convolutional Networks for Political Perspective Detection in News Media | slchun | 0 | 64 | 2020-03-18
[2020.03.04] We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy | ykjung | 0 | 67 | 2020-03-04
[2020.01.30] LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | hwlee2014 | 0 | 62 | 2020-02-17
[2020.02.13] Quack: Scalable Remote Measurement of Application-Layer Censorship | hmlee | 0 | 58 | 2020-02-17
[2020.01.09] End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks | jhlee2019 | 0 | 79 | 2020-01-09
[2020.01.02] Sentiment Analysis of Peer Review Texts for Scholarly Papers | slchun | 0 | 61 | 2020-01-02