A comparison study of Intel SGX and AMD memory encryption technology
Hardware-assisted trusted execution environments are secure isolation technologies that
have been engineered to serve as efficient defense mechanisms to provide a security …
Zombie: Middleboxes that Don't Snoop
Zero-knowledge middleboxes (ZKMBs) are a recent paradigm in which clients get privacy
and middleboxes enforce policy: clients prove in zero knowledge that the plaintext …
Zero-Knowledge Middleboxes
This paper initiates research on zero-knowledge middleboxes (ZKMBs). A ZKMB is a
network middlebox that enforces network usage policies on encrypted traffic. Clients send …
SoK: Content moderation for end-to-end encryption
S Scheffler, J Mayer - arXiv preprint arXiv:2303.03979, 2023 - arxiv.org
Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and
E2EE data storage is becoming common. These important advances for security and privacy …
Building in-the-cloud network functions: Security and privacy challenges
Network function virtualization (NFV) has been promising to improve the availability,
programmability, and flexibility of network function deployment and communication facilities …
Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that
operate over sensitive data using the infrastructure of public cloud providers, is nowadays …
Achieving Keyless CDNs with Conclaves
Content Delivery Networks (CDNs) serve a large and increasing portion of today's web
content. Beyond caching, CDNs provide their customers with a variety of services, including …
Practical verifiable in-network filtering for DDoS defense
In light of ever-increasing scale and sophistication of modern distributed denial-of-service
(DDoS) attacks, recent proposals show that in-network filtering of DDoS traffic at a handful of …
A secure middlebox framework for enabling visibility over multiple encryption protocols
Network middleboxes provide the first line of defense for enterprise networks. Many of them
typically inspect packet payload to filter malicious attack patterns. However, the widespread …
Secure offloading of intrusion detection systems from VMs with Intel SGX
T Nakano, K Kourai - 2021 IEEE 14th International Conference …, 2021 - ieeexplore.ieee.org
Virtual machines (VMs) inside clouds need to be monitored using intrusion detection
systems (IDS). Since host-based IDS can be easily disabled by intruders, IDS offloading with …