Hardware-assisted trusted execution environments are secure isolation technologies that
have been engineered to serve as efficient defense mechanisms to provide a security …

Zero-knowledge middleboxes (ZKMBs) are a recent paradigm in which clients get privacy
and middleboxes enforce policy: clients prove in zero knowledge that the plaintext …

This paper initiates research on zero-knowledge middleboxes (ZKMBs). A ZKMB is a
network middlebox that enforces network usage policies on encrypted traffic. Clients send …

Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and
E2EE data storage is becoming common. These important advances for security and privacy …

Network function virtualization (NFV) has been promising to improve the availability,
programmability, and flexibility of network function deployment and communication facilities …

The deployment of large-scale distributed systems, eg, publish-subscribe platforms, that
operate over sensitive data using the infrastructure of public cloud providers, is nowadays …

Content Delivery Networks (CDNs) serve a large and increasing portion of today's web
content. Beyond caching, CDNs provide their customers with a variety of services, including …

In light of ever-increasing scale and sophistication of modern distributed denial-of-service
(DDoS) attacks, recent proposals show that in-network filtering of DDoS traffic at a handful of …

Network middleboxes provide the first line of defense for enterprise networks. Many of them
typically inspect packet payload to filter malicious attack patterns. However, the widespread …

Virtual machines (VMs) inside clouds need to be monitored using intrusion detection
systems (IDS). Since host-based IDS can be easily disabled by intruders, IDS offloading with …