8 research outputs found
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed. Comment: Accepted at ACM CCS 201
Defect Perturbations in Landau-Ginzburg Models
Perturbations of B-type defects in Landau-Ginzburg models are considered. In
particular, the effect of perturbations of defects on their fusion is analyzed
in the framework of matrix factorizations. As an application, it is discussed
how fusion with perturbed defects induces perturbations on boundary conditions.
It is shown that in some classes of models all boundary perturbations can be
obtained in this way. Moreover, a universal class of perturbed defects is
constructed, whose fusion under certain conditions obeys braid relations. The
functors obtained by fusing these defects with boundary conditions are twist
functors as introduced in the work of Seidel and Thomas. Comment: 46 page
Permutation branes and linear matrix factorisations
All the known rational boundary states for Gepner models can be regarded as
permutation branes. On general grounds, one expects that topological branes in
Gepner models can be encoded as matrix factorisations of the corresponding
Landau-Ginzburg potentials. In this paper we identify the matrix factorisations
associated to arbitrary B-type permutation branes. Comment: 43 pages. v2: References adde
Thomas Decomposition and Nonlinear Control Systems
This paper applies the Thomas decomposition technique to nonlinear control
systems, in particular to the study of the dependence of the system behavior on
parameters. Thomas' algorithm is a symbolic method which splits a given system
of nonlinear partial differential equations into a finite family of so-called
simple systems which are formally integrable and define a partition of the
solution set of the original differential system. Different simple systems of a
Thomas decomposition describe different structural behavior of the control
system in general. The paper gives an introduction to the Thomas decomposition
method and shows how notions such as invertibility, observability and flat
outputs can be studied. A Maple implementation of Thomas' algorithm is used to
illustrate the techniques on explicit examples.
Stateless CPU-aware datacenter load-balancing
Today, datacenter operators deploy load-balancers (LBs) to efficiently utilize server resources, but must over-provision server resources (by up to 30%) because of load imbalances and the desire to bound tail service latency. We posit that one of the reasons for these imbalances is the lack of per-core load statistics in existing LBs. As a first step, we designed CrossRSS, a CPU core-aware LB that dynamically assigns incoming connections to the least loaded cores in the server pool. CrossRSS leverages knowledge of the dispatching by each server's Network Interface Card (NIC) to specific cores to reduce imbalances by more than an order of magnitude compared to existing LBs in a proof-of-concept datacenter environment, processing 12% more packets with the same number of cores.
Highly cited articles in environmental and occupational health, 1919-1960
Although numerous lists of "citation classics" have been compiled across a variety of scientific fields, few have included articles from environmental and occupational health (EOH). This investigation sought to identify and analyze the most highly cited articles ever published in the Journal of Industrial Hygiene (1919-1935), the Journal of Industrial Hygiene and Toxicology (1936-1949), the Archives of Industrial Hygiene and Occupational Medicine (1950), the American Medical Association (A.M.A.) Archives of Industrial Hygiene and Occupational Medicine (1950-1954), and the A.M.A. Archives of Industrial Health (1955-1960). Regularly cited topics included metal fume fever and various studies of beryllium, whereas the most highly cited article of all was a 1957 paper describing the control of heat casualties at military training centers. Interestingly, the most highly cited articles were not the oldest, nor were they written as literature reviews. Overall, this study suggests that although some citation patterns in EOH reflect those of other disciplines, the trend is not uniform and EOH itself appears to have some distinctive bibliometric characteristics.