UCL Discovery

Fast privacy-preserving network function outsourcing

Asghar, HJ; De Cristofaro, E; Jourjon, G; Kaafar, MA; Mathy, L; Melis, L; Russell, C; (2019) Fast privacy-preserving network function outsourcing. Computer Networks, 163. 10.1016/j.comnet.2019.106893. Green open access

De Cristofaro_AAM_Splitbox.pdf - Accepted Version


Abstract

In this paper, we present the design and implementation of SplitBox, a system for privacy-preserving processing of network functions outsourced to cloud middleboxes—i.e., without revealing the policies governing these functions. SplitBox is built to provide privacy for a generic network function that abstracts the functionality of a variety of network functions and associated policies, including firewalls, virtual LANs, network address translators (NATs), deep packet inspection, and load balancers. We present a scalable design aiming to provide high throughput and low latency, by distributing functionalities to a few virtual machines (VMs), while providing provably secure guarantees. We implement SplitBox inside FastClick, an extension of the Click modular router, using Intel's DPDK to handle packet I/O. We evaluate our prototype experimentally to find its bottlenecks and stress-test its different components, vis-à-vis two widely used network functions, i.e., firewall and VLAN tagging. Our evaluation shows that, on commodity hardware, SplitBox can process packets close to line rate (i.e., 8.9Gbps) with up to 50 traversed policies.

Type: Article
Title: Fast privacy-preserving network function outsourcing
Open access status: An open access version is available from UCL Discovery
DOI: 10.1016/j.comnet.2019.106893
Publisher version: https://doi.org/10.1016/j.comnet.2019.106893
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: NFV, Privacy, Middlebox
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10082041