Related papers: LightBox: Full-stack Protected Stateful Middlebox …
Transport layer data leaks metadata unintentionally -- such as who communicates with whom. While tools for strong transport layer privacy exist, they have adoption obstacles, including performance overheads incompatible with mobile devices.…
As an emerging application paradigm, serverless computing attracts attention from more and more attackers. Unfortunately, security tools for conventional applications cannot be easily ported to serverless, and existing serverless security…
The exponential growth of data traffic and the increasing complexity of networked applications demand effective solutions capable of passively inspecting and analysing the network traffic for monitoring and security purposes. Implementing…
In the present-day, distributed applications are commonly spread across multiple datacenters, reaching out to edge and fog computing locations. The transition away from single datacenter hosting is driven by capacity constraints in…
Energy harvesting is a promising solution to power Internet of Things (IoT) devices. Due to the intermittent nature of these energy sources, one cannot guarantee forward progress of program execution. Prior work has advocated for…
This white paper presents an analysis done by the MAMI project of the privacy and security concerns surrounding middlebox cooperation protocols (MCPs), based on our experimental experience with the Path Layer UDP Substrate (PLUS) proposal.…
Middleboxes or network appliances like firewalls, proxies and WAN optimizers have become an integral part of today's ISP and enterprise networks. Middlebox functionalities are usually deployed on expensive and proprietary hardware that…
State channel network is the most popular layer-2 solution to theissues of scalability, high transaction fees, and low transaction throughput of public Blockchain networks. However, the existing works have limitations that curb the wide…
The Lightning Network, known for its millisecond settlement speeds and low transaction fees, offers a compelling alternative to traditional payment processors, which often have higher fees and longer processing times. This is particularly…
Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by…
Lightweight block ciphers have been widely used in applications such as RFID tags, IoTs, and network sensors. Among them, with comparable parameters, the Light Encryption Device (LED) block cipher achieves the smallest area. However,…
Serverless computing is an approach to cloud computing that allows programmers to run serverless functions in response to external events. Serverless functions are priced at sub-second granularity, support transparent elasticity, and…
Network services are among the riskiest programs executed by production systems. Such services execute large quantities of complex code and process data from arbitrary and untrusted network sources, often with high levels of system…
With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies (i.e., containerization and virtualization) have become foundational. However, strict isolation and maintaining runtime security in these…
While Trusted Execution Environments provide a strong foundation for secure cloud computing, they remain vulnerable to access pattern leakages. Oblivious Maps (OMAPs) mitigate this by fully hiding access patterns but suffer from high…
We propose, implement, and experimentally evaluate a runtime middleware to support high-throughput execution on hybrid cluster machines of large-scale analysis applications. A hybrid cluster machine consists of computation nodes which have…
The closed design of mobile devices -- with the increased security and consistent user interfaces -- is in large part responsible for their becoming the dominant platform for accessing the Internet. These benefits, however, are not without…
Novel hardware-aided trusted execution environments, as provided by Intel's Software Guard Extensions (SGX), enable to execute applications in a secure context that enforces confidentiality and integrity of the application state even when…
Metadata hotspots remain one of the key obstacles to scalable Input/Output (I/O) in both High-Performance Computing (HPC) and cloud-scale storage environments. Situations such as job start-ups, checkpoint storms, or heavily skewed namespace…
Embedded and Internet-of-Things (IoT) devices play a critical role in modern life. Their software and firmware, often developed in memory-unsafe languages like C, are susceptible to memory safety vulnerabilities that can lead to…