endbox scalable m iddlebox functions using client side
play

EndBox: Scalable M iddlebox Functions Using Client-Side Trusted - PowerPoint PPT Presentation

May 20, 2023 •164 likes •630 views

Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rsch, 1 Manuel Nieke, 1 Sbastien Vaucher, 2 Nico Weichbrodt, 1

  1. Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rüsch, 1 Manuel Nieke, 1 Sébastien Vaucher, 2 Nico Weichbrodt, 1 Valerio Schiavoni, 2 Pierre-Louis Aublin, 3 Paolo Costa, 4 Christof Fetzer, 5 Pascal Felber, 2 Peter Pietzuch 3 and Rüdiger Kapitza 1 1 TU Braunschweig goltzsche@ibr.cs.tu-bs.de @d_goltzsche 2 University of Neuchâtel 3 Imperial College London 4 Microsoft Research 5 TU Dresden

  2. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion What Are M iddleboxes? Middleboxes are essential parts of large networks Example: enterprise networks Server Server Server Functions related to security or performance Middlebox Enterprise Current best practice: Network Gateway central deployment as physical boxes Client Client Client High infrastructure and management costs (Sherry et al. SIGCOMM’12) Scalability issues with growing client numbers 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 2 Institute of Operating Systems and Computer Networks

  3. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion What Are M iddleboxes? Middleboxes are essential parts of large networks Example: enterprise networks Server Server Server Functions related to security or performance Middlebox Enterprise Current best practice: Network Gateway central deployment as physical boxes Client Client Client High infrastructure and management costs (Sherry et al. SIGCOMM’12) Scalability issues with growing client numbers Problem: Middleboxes are necessary for large networks, but come at high costs and do not scale well with number of clients. 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 2 Institute of Operating Systems and Computer Networks

  4. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost Network Gateway Client Cloud Middle Low latency Client box Good scalability Client Client Client Client Trusted infrastructure (a) Centralised (b) Cloud-based Easy administration Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway Client Client Client Middle Middle Middle Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  5. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost ✗ Network Gateway Client Cloud Middle Low latency ✔ Client box Good scalability Client Client Client ✗ Client Trusted infrastructure ✔ (a) Centralised (b) Cloud-based Easy administration ✔ Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway Client Client Client Middle Middle Middle Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  6. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost ✗ ✔ Network Gateway Client Cloud Middle Low latency ✔ ✗ Client box Good scalability Client Client Client ✗ ✔ Client Trusted infrastructure ✔ ✗ (a) Centralised (b) Cloud-based Easy administration ✔ ✔ Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway Client Client Client Middle Middle Middle Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  7. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost ✗ ✔ ✔ Network Gateway Client Cloud Middle Low latency ✔ ✗ ✔ Client box Good scalability ✗ ✔ ✗ Client Client Client Client Trusted infrastructure ✔ ✗ ✔ (a) Centralised (b) Cloud-based Easy administration ✔ ✔ ✗ Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway Client Client Client Middle Middle Middle Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  8. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost ✗ ✔ ✔ ✔ Network Gateway Client Cloud Middle Low latency ✔ ✗ ✔ ✔ Client box Good scalability ✗ ✔ ✗ ✔ Client Client Client Client Trusted infrastructure ✔ ✗ ✔ ✗ (a) Centralised (b) Cloud-based Easy administration ✔ ✔ ✗ ✗ Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway Client Client Client Middle Middle Middle Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  9. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion P lacement of Middleboxes Server Server Server Server Server Server (a) (b) (c) (d) Middlebox Enterprise Network Gateway Enterprise Low infra. cost ✗ ✔ ✔ ✔ Network Gateway Client Cloud Middle Low latency ✔ ✗ ✔ ✔ Client box Good scalability Client Client Client ✗ ✔ ✗ ✔ Client Trusted infrastructure ✔ ✗ ✔ ✔ (a) Centralised (b) Cloud-based Easy administration ✔ ✔ ✗ ✔ ✔ with EndBox Server Server Server Server Server Server Middle Middle Middle box box box Enterprise Network Gateway Enterprise Network Gateway EndBox targets enterprise networks and Client Client Client Middle Middle Middle places middleboxes on untrusted clients . Client Client Client box box box (c) Server-side (d) Client-side 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 3 Institute of Operating Systems and Computer Networks

  10. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion Outline Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 4 Institute of Operating Systems and Computer Networks

  11. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion Approach of EndBox Enterprise Client machine Network Applications configures Admin FW/GW EndBox Client EndBox Server TEE Untrusted clients can manipulate or circumvent traffic analysis Client traffic routed through trusted execution environments (TEEs) Inside TEE, packets are processed, signed and encrypted Unsigned outgoing traffic dropped by firewall/gateway (FW/GW) Encrypted incoming traffic cannot be encrypted outside of TEE 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 5 Institute of Operating Systems and Computer Networks

  12. Introduction to Middleboxes Design of EndBox Evaluation of EndBox Related Work Conclusion Approach of EndBox Enterprise Client machine Apps Network EndBox Applications configures Client Admin FW/GW TEE EndBox Client EndBox Server TEE Untrusted clients can manipulate or circumvent traffic analysis Client traffic routed through trusted execution environments (TEEs) Inside TEE, packets are processed, signed and encrypted Unsigned outgoing traffic dropped by firewall/gateway (FW/GW) Encrypted incoming traffic cannot be encrypted outside of TEE 2018-06-27 D. Goltzsche, TU Braunschweig, Germany DSN’18: EndBox Page 5 Institute of Operating Systems and Computer Networks

Recommend

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Many acting parties on a site

867 views • 62 slides
CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side Server Side Web Server Web Browser Web Technologies Content Resources Presentation management Client Side Processing Multimedia The evolution of

1.24k views • 23 slides
Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

783 views • 13 slides
CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser after page is sent back from server often this code manipulates the page or responds to user actions What is JavaScript? a lightweight

643 views • 29 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Modern web sites are

709 views • 57 slides
DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DEFCON DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute.

428 views • 15 slides
Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side Direct I/O for NFS Connectathon 1997 Disclaimer This is not a product announcement. 2 Client-Side Direct I/O for NFS Connectathon 1997

311 views • 16 slides
CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application Popular attacks Cross-site

266 views • 15 slides
CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering Web Programming Paradigms So far we have seen server-side programming Next Enrich user experience, interactivity with client- side

759 views • 24 slides
Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various Client-Side Hacking Tricks and Techniques pdp Information Security Researcher, founder of the GNUCITIZEN group OBJECTIVES I was planning to...

948 views • 59 slides
Right hemisphere Motor functions on left side of body Perceives left side of space Left

Right hemisphere Motor functions on left side of body Perceives left side of space Left

Week 6 Lab: Hemispheric Functions - Contralateral processing Back to Index Right hemisphere Motor functions on left side of body Perceives left side of space Left hemisphere Motor functions on right side of body Perceives right side of space

276 views • 13 slides
Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Challenge: Database Access for Client-side Apps Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App Presented by Marek Zawirski App App Inria / UPMC-LIP6, Paris (now at Google, Zrich) Marek

469 views • 13 slides
CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2

CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2

CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Client-side JavaScript Browser Analysis of JavaScript Plugins eval and code Extensions obfuscation Firefox extension model

812 views • 51 slides
Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why using a database Persistency Concurrency (avoid race conditions) Query Scalability SQL vs NoSQL databases Relational database (SQL

475 views • 10 slides
Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Content Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt 3. Server Side Programming Universitt Karlsruhe Fakultt fr Informatik Institut fr Telematik Wintersemester

395 views • 17 slides
Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Content Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt 3. Server Side Programming Universitt Karlsruhe Fakultt fr Informatik Institut fr Telematik Wintersemester

532 views • 14 slides
EAP Client-side Transport draft-boursetty-eap-cst-00.txt IETF 57 EAP WG July 2003 A typical EAP

EAP Client-side Transport draft-boursetty-eap-cst-00.txt IETF 57 EAP WG July 2003 A typical EAP

EAP Client-side Transport draft-boursetty-eap-cst-00.txt IETF 57 EAP WG July 2003 A typical EAP setup Access Target Client NAS Network Network AAA server S 2 A new EAP setup Authentication AuthToken AuthServer Integrity Client

628 views • 7 slides
PHP Introduction ATLS 3020 Digital Media 2 Aileen Pierce Client vs. Server Side Scripting

PHP Introduction ATLS 3020 Digital Media 2 Aileen Pierce Client vs. Server Side Scripting

PHP Introduction ATLS 3020 Digital Media 2 Aileen Pierce Client vs. Server Side Scripting Client-side scripting (browser) Designed to interact with the user s web page Event-driven Restricted to what a web browser can

329 views • 29 slides
Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What is it? HTTP POST Application Websocket Websocket client EventSource client Long-Poll client Buffering Pub/Sub server for web clients

708 views • 49 slides
AJAX Andrea Ferracani Client side programming client - server communication

AJAX Andrea Ferracani Client side programming client - server communication

AJAX Andrea Ferracani Client side programming client - server communication andreaferracani@gmail.com luned 6 maggio 2013 DOM - Document Object Model The Document Object Model ( DOM ) is a

824 views • 39 slides
Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE HTTP request

Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE HTTP request

Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE HTTP request An HTTP request consists of: a request method (verb) , resource URL , header fields ( metadata ), body ( data ) HTTP 1.1 defines 9 request

1.47k views • 136 slides
Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE

Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE

Introduction to Php Web-based applications: main elements HTTP PROTOCOL CLIENT SIDE SERVER SIDE HTTP request An HTTP request consists of: a request method (verb) , resource URL , header fields ( metadata ), body ( data ) HTTP 1.1

1.84k views • 146 slides
Interposed Routing Interposed Request Routing for Scalable Client sends and receives Network

Interposed Routing Interposed Request Routing for Scalable Client sends and receives Network

Interposed Routing Interposed Request Routing for Scalable Client sends and receives Network Storage *Server standard NFS packets. *Server Darrell Anderson, Jeff Chase, and Amin Vahdat NFS Client *Server Department of Computer

317 views • 5 slides
Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side) Remote.JDBC (Client/Server) Server Query Interface Tx Planner Parse Algebra Storage Interface Sql/Util Concurrency Recovery Metadata Index

787 views • 66 slides

More recommend