Chang Lan, Justine Sherry, Raluca Ada Popa, and Sylvia Ratnasamy, University of California, Berkeley; Zhi Liu, Tsinghua University
Abstract:
It is increasingly common for enterprises and other organizations to outsource network processing to the cloud. For example, enterprises may outsource firewalling, caching, and deep packet inspection, just as they outsource compute and storage. However, this poses a threat to enterprise confidentiality because the cloud provider gains access to the organization’s traffic.
We design and build Embark, the first system that enables a cloud provider to support middlebox outsourcing while maintaining the client’s confidentiality. Embark encrypts the traffic that reaches the cloud and enables the cloud to process the encrypted traffic without decrypting it. Embark supports a wide-range of middleboxes such as firewalls, NATs, web proxies, load balancers, and data ex- filtration systems. Our evaluation shows that Embark supports these applications with competitive performance.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {194934,
author = {Chang Lan and Justine Sherry and Raluca Ada Popa and Sylvia Ratnasamy and Zhi Liu},
title = {Embark: Securely Outsourcing Middleboxes to the Cloud},
booktitle = {13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)},
year = {2016},
isbn = {978-1-931971-29-4},
address = {Santa Clara, CA},
pages = {255--273},
url = {https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/lan},
publisher = {USENIX Association},
month = mar
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us