ShieldBox: Secure middleboxes using shielded execution

Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, Christof Fetzer

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

82 Scopus citations

Abstract

Middleboxes that process confidential data cannot be securely deployed in untrusted cloud environments. To securely outsource middleboxes to the cloud, state-of-the-art systems advocate network processing over the encrypted traffic. Unfortunately, these systems support only restrictive functionalities and incur prohibitively high overheads. This motivated the design of ShieldBox, a secure middlebox framework for deploying high-performance network functions (NFs) over untrusted commodity servers. ShieldBox securely processes encrypted traffic inside a secure container by leveraging shielded execution. More specifically, ShieldBox builds on hardware-assisted memory protection based on Intel SGX to provide strong confidentiality and integrity guarantees. For middlebox developers, ShieldBox exposes a generic interface based on Click to design and implement a wide range of NFs using its out-of-the-box elements and C++ extensions. For network operators, ShieldBox provides a configuration and attestation service for seamless and verifiable deployment of middleboxes. We have implemented ShieldBox with support for the important end-to-end features required for secure network processing, along with performance optimizations. Our extensive evaluation shows that ShieldBox achieves near-native throughput and latency while securely processing confidential data at line rate.

Original language: English
Title of host publication: Proceedings of the Symposium on SDN Research, SOSR 2018
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450356640
DOIs
State: Published - 28 Mar 2018
Externally published: Yes
Event: 2018 Symposium on SDN Research, SOSR 2018 - Los Angeles, United States
Duration: 28 Mar 2018 to 29 Mar 2018

Publication series

Name: Proceedings of the Symposium on SDN Research, SOSR 2018

Conference

Conference: 2018 Symposium on SDN Research, SOSR 2018
Country/Territory: United States
City: Los Angeles
Period: 28/03/18 to 29/03/18
