LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201

Virtual Valcamonica: collaborative exploration of prehistoric petroglyphs and their surrounding environment in multi-user virtual reality

In this paper, we present a novel, multi-user, virtual reality environment for the interactive, collaborative 3D analysis of large 3D scans and the technical advancements that were necessary to build it: a multi-view rendering system for large 3D point clouds, a suitable display infrastructure and a suite of collaborative 3D interaction techniques. The cultural heritage site of Valcamonica in Italy with its large collection of prehistoric rock-art served as an exemplary use case for evaluation. The results show that our output-sensitive level-of-detail rendering system is capable of visualizing a 3D dataset with an aggregate size of more than 14 billion points at interactive frame rates. The system design in this exemplar application results from close exchange with a small group of potential users: archaeologists with expertise in rock-art and allows them to explore the prehistoric art and its spatial context with highly realistic appearance. A set of dedicated interaction techniques was developed to facilitate collaborative visual analysis. A multi-display workspace supports the immediate comparison of geographically distributed artifacts. An expert review of the final demonstrator confirmed the potential for added value in rock-art research and the usability of our collaborative interaction techniques

Microbial and Chemical Characterization of Underwater Fresh Water Springs in the Dead Sea

Due to its extreme salinity and high Mg concentration the Dead Sea is characterized by a very low density of cells most of which are Archaea. We discovered several underwater fresh to brackish water springs in the Dead Sea harboring dense microbial communities. We provide the first characterization of these communities, discuss their possible origin, hydrochemical environment, energetic resources and the putative biogeochemical pathways they are mediating. Pyrosequencing of the 16S rRNA gene and community fingerprinting methods showed that the spring community originates from the Dead Sea sediments and not from the aquifer. Furthermore, it suggested that there is a dense Archaeal community in the shoreline pore water of the lake. Sequences of bacterial sulfate reducers, nitrifiers iron oxidizers and iron reducers were identified as well. Analysis of white and green biofilms suggested that sulfide oxidation through chemolitotrophy and phototrophy is highly significant. Hyperspectral analysis showed a tight association between abundant green sulfur bacteria and cyanobacteria in the green biofilms. Together, our findings show that the Dead Sea floor harbors diverse microbial communities, part of which is not known from other hypersaline environments. Analysis of the water’s chemistry shows evidence of microbial activity along the path and suggests that the springs supply nitrogen, phosphorus and organic matter to the microbial communities in the Dead Sea. The underwater springs are a newly recognized water source for the Dead Sea. Their input of microorganisms and nutrients needs to be considered in the assessment of possible impact of dilution events of the lake surface waters, such as those that will occur in the future due to the intended establishment of the Red Sea−Dead Sea water conduit