Fast privacy-preserving network function outsourcing
In this paper, we present the design and implementation of SplitBox, a system for privacy-preserving processing of network functions outsourced to cloud middleboxes—i.e., without revealing the policies governing these functions. SplitBox is built to provide privacy for a generic network function tha...
Published in: | Computer networks (Amsterdam, Netherlands : 1999), 2019-11, Vol.163, p.106893, Article 106893 |
---|---|
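Main Authors: | Asghar, Hassan Jameel; De Cristofaro, Emiliano; Jourjon, Guillaume; Kaafar, Mohammed Ali; Mathy, Laurent; Melis, Luca; Russell, Craig; Yu, Mang |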
Format: | Article |
Language: | English |
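Subjects: | Bottlenecks; Firewalls; Inspection; Middlebox; NFV; Outsourcing; Policies; Privacy; Translators; Virtual environments; Virtual local area networks |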
cited_by | cdi_FETCH-LOGICAL-c380t-6ce56d2304590f77b38969b90a31618beed883c39ac06eec680730d5464475ce3 |
---|---|
cites | cdi_FETCH-LOGICAL-c380t-6ce56d2304590f77b38969b90a31618beed883c39ac06eec680730d5464475ce3 |
container_end_page | |
container_issue | |
container_start_page | 106893 |
container_title | Computer networks (Amsterdam, Netherlands : 1999) |
container_volume | 163 |
creator | Asghar, Hassan Jameel; De Cristofaro, Emiliano; Jourjon, Guillaume; Kaafar, Mohammed Ali; Mathy, Laurent; Melis, Luca; Russell, Craig; Yu, Mang |
description | In this paper, we present the design and implementation of SplitBox, a system for privacy-preserving processing of network functions outsourced to cloud middleboxes—i.e., without revealing the policies governing these functions. SplitBox is built to provide privacy for a generic network function that abstracts the functionality of a variety of network functions and associated policies, including firewalls, virtual LANs, network address translators (NATs), deep packet inspection, and load balancers. We present a scalable design aiming to provide high throughput and low latency, by distributing functionalities to a few virtual machines (VMs), while providing provably secure guarantees. We implement SplitBox inside FastClick, an extension of the Click modular router, using Intel’s DPDK to handle packet I/O. We evaluate our prototype experimentally to find its bottlenecks and stress-test its different components, vis-à-vis two widely used network functions, i.e., firewall and VLAN tagging. Our evaluation shows that, on commodity hardware, SplitBox can process packets close to line rate (i.e., 8.9Gbps) with up to 50 traversed policies. |
doi_str_mv | 10.1016/j.comnet.2019.106893 |
format | article |
publisher | Amsterdam: Elsevier B.V |
rights | 2019; Copyright Elsevier Sequoia S.A. Nov 9, 2019 |
date | 2019-11-09 |
oa | free_for_read |
fulltext | fulltext |
identifier | ISSN: 1389-1286 |
ispartof | Computer networks (Amsterdam, Netherlands : 1999), 2019-11, Vol.163, p.106893, Article 106893 |
issn | 1389-1286 1872-7069 |
language | eng |
recordid | cdi_proquest_journals_2322648641 |
source | Library & Information Science Abstracts (LISA); ScienceDirect Journals |
subjects | Bottlenecks; Firewalls; Inspection; Middlebox; NFV; Outsourcing; Policies; Privacy; Translators; Virtual environments; Virtual local area networks |
title | Fast privacy-preserving network function outsourcing |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T06%3A59%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Fast%20privacy-preserving%20network%20function%20outsourcing&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Asghar,%20Hassan%20Jameel&rft.date=2019-11-09&rft.volume=163&rft.spage=106893&rft.pages=106893-&rft.artnum=106893&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2019.106893&rft_dat=%3Cproquest_cross%3E2322648641%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c380t-6ce56d2304590f77b38969b90a31618beed883c39ac06eec680730d5464475ce3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2322648641&rft_id=info:pmid/&rfr_iscdi=true |