52,175 research outputs found

    LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

    Full text link
    Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201

    Representing Network Trust and Using It to Improve Anonymous Communication

    Full text link
    Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. The major components of this system are (i) an ontology of network-element types that represents the main threats to and vulnerabilities of anonymous communication over Tor, (ii) a formal language that allows users to naturally express trust beliefs about network elements, and (iii) a conversion procedure that takes the ontology, public information about the network, and user beliefs written in the trust language and produce a Bayesian Belief Network that represents the probability distribution in a way that is concise and easily sampleable. We also present preliminary experimental results that show the distribution produced by our system can improve security when employed by users; further improvement is seen when the system is employed by both users and services.Comment: 24 pages; talk to be presented at HotPETs 201

    Optimal configuration of active and backup servers for augmented reality cooperative games

    Get PDF
    Interactive applications as online games and mobile devices have become more and more popular in recent years. From their combination, new and interesting cooperative services could be generated. For instance, gamers endowed with Augmented Reality (AR) visors connected as wireless nodes in an ad-hoc network, can interact with each other while immersed in the game. To enable this vision, we discuss here a hybrid architecture enabling game play in ad-hoc mode instead of the traditional client-server setting. In our architecture, one of the player nodes also acts as the server of the game, whereas other backup server nodes are ready to become active servers in case of disconnection of the network i.e. due to low energy level of the currently active server. This allows to have a longer gaming session before incurring in disconnections or energy exhaustion. In this context, the server election strategy with the aim of maximizing network lifetime is not so straightforward. To this end, we have hence analyzed this issue through a Mixed Integer Linear Programming (MILP) model and both numerical and simulation-based analysis shows that the backup servers solution fulfills its design objective

    Automated design analysis, assembly planning and motion study analysis using immersive virtual reality

    Get PDF
    Previous research work at Heriot-Watt University using immersive virtual reality (VR) for cable harness design showed that VR provided substantial productivity gains over traditional computer-aided design (CAD) systems. This follow-on work was aimed at understanding the degree to which aspects of this technology were contributed to these benefits and to determine if engineering design and planning processes could be analysed in detail by nonintrusively monitoring and logging engineering tasks. This involved using a CAD-equivalent VR system for cable harness routing design, harness assembly and installation planning that can be functionally evaluated using a set of creative design-tasks to measure the system and users' performance. A novel design task categorisation scheme was created and formalised which broke down the cable harness design process and associated activities. The system was also used to demonstrate the automatic generation of usable bulkhead connector, cable harness assembly and cable harness installation plans from non-intrusive user logging. Finally, the data generated from the user-logging allowed the automated activity categorisation of the user actions, automated generation of process flow diagrams and chronocyclegraphs

    Growing the use of Virtual Worlds in education : an OpenSim perspective

    Get PDF
    The growth in the range of disciplines that Virtual Worlds support for educational purposes is evidenced by recent applications in the fields of cultural heritage, humanitarian aid, space exploration, virtual laboratories in the physical sciences, archaeology, computer science and coastal geography. This growth is due in part to the flexibility of OpenSim, the open source virtual world platform which by adopting Second Life protocols and norms has created a de facto standard for open virtual worlds that is supported by a growing number of third party open source viewers. Yet while this diversity of use-cases is impressive and Virtual Worlds for open learning are highly popular with lecturers and learners alike immersive education remains an essentially niche activity. This paper identifies functional challenges in terms of Management, Network Infrastructure, the Immersive 3D Web and Programmability that must be addressed to enable the wider adoption of Open Virtual Worlds as a routine learning technology platform. We refer to specific use-cases based on OpenSim and abstract generic requirements which should be met to enable the growth in use of Open Virtual Worlds as a mainstream educational facility. A case study of a deployment to support a formal education curriculum and associated informal learning is used to illustrate key points.Postprin
    corecore