Splitbox: toward efficient private network function virtualization

Hassan Jameel Asghar, Luca Melis, Cyril Soldani, Emiliano De Cristofaro, Mohamed Ali Kaafar, Laurent Mathy

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

24 Citations (Scopus)

Abstract

This paper presents SplitBox, a scalable system for privately processing network functions that are outsourced as software processes to the cloud. Specifically, providers processing the network functions do not learn the network policies instructing how the functions are to be processed. We first propose an abstract model of a generic network function based on match-action pairs, assuming that this is processed in a distributed manner by multiple honest-but-curious providers. Then, we introduce our SplitBox system for private network function virtualization and present a proof-of-concept implementation on FastClick – an extension of the Click modular router – using a firewall as a use case. Our experimental results show that SplitBox achieves a throughput of over 2 Gbps with 1 kB-sized packets on average, traversing up to 60 firewall rules.
Original languageEnglish
Title of host publicationHotMIddlebox '16
Subtitle of host publicationProceedings of the 2016 workshop on Hot topics in Middleboxes and Network Function Virtualization
Place of PublicationNew York
PublisherACM
Pages7-13
Number of pages7
ISBN (Electronic)9781450344241
DOIs
Publication statusPublished - 2016
Externally publishedYes
EventWorkshop on Hot topics in Middleboxes and Network Function Virtualization, SIGCOMM 2016 - Florianopolis, Brazil
Duration: 22 Aug 201626 Aug 2016

Conference

ConferenceWorkshop on Hot topics in Middleboxes and Network Function Virtualization, SIGCOMM 2016
Abbreviated titleSIGCOMM '16
CountryBrazil
CityFlorianopolis
Period22/08/1626/08/16

Keywords

  • Middlebox Privacy
  • Secret Sharing
  • Network Function Virtualization
  • Firewalls

Fingerprint Dive into the research topics of 'Splitbox: toward efficient private network function virtualization'. Together they form a unique fingerprint.

Cite this