And Then There Were More:
|
|
- Arron Morris
- 5 years ago
- Views:
Transcription
1 David Naylor Carnegie Mellon And Then There Were More: Secure Communication for More Than Two Parties Richard Li University of Utah Christos Gkantsidis Microsoft Research Thomas Karagiannis Microsoft Research Peter Steenkiste Carnegie Mellon
2
3 In most networks, # middleboxes # routers Web Cache Compression Proxy Intrusion Detection System Virus Scanner Parental Filter Load Balancer [Making Middleboxes Someone Else s Problem. SIGCOMM 12]
4 In most networks, # middleboxes # routers Encryption blinds middleboxes.
5 Encryption blinds middleboxes. Goal: Encryption + Middleboxes
6 Goal: Encryption + Middleboxes 1 2 Design Space mbtls For secure, multi-entity communication protocols A deployable protocol for outsourced middleboxes.
7 There s a big design space for secure, multi-entity communication protocols
8 There s a big design space for secure, multi-entity communication protocols 1 Extend TLS Security Properties 2 3 New Security Other Properties Properties
9 1 Extend TLS Security Properties 2 1 Data Secrecy Data Authentication 3 Entity Authentication
10 1 Extend TLS Security Properties Definition of Party vs Granularity of Data Access Definition of Identity Headers Body vs Headers vs
11 1 2 Extend TLS Security Properties New Security Properties 3 Other Properties Granularity of Data Access Headers Body vs Headers Definition of Party vs Definition of Identity vs
12 2 New Security Properties Path Integrity Authorization Data Change Secrecy
13 1 Extend TLS Security Properties 2 New Security Properties 3 Other Properties Granularity of Data Access Path Integrity Headers Body vs Headers Definition of Party Data Change Secrecy vs Definition of Identity Authorization vs
14 3 Other Properties Legacy Endpoints Computation v1.2 Arbitrary vs Limited In-Band Discovery
15 1 Extend TLS Security Properties 2 New Security Properties 3 Other Properties Granularity of Data Access Path Integrity Legacy Endpoints Headers Body vs Headers v1.2 Definition of Party vs Data Change Secrecy In-Band Discovery Definition of Identity vs Authorization Computation vs Arbitrary Limited
16 There s a big design space for secure, multi-entity communication protocols 1 Extend TLS Security Properties 2 New Security Properties 3 Other Properties
17 There s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution.
18 There s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.
19 Supporting one property often precludes another. TLS interception with custom root certificates Supports two legacy endpoints Prevents endpoint authentication (owner or code) v1.2 vs
20 Supporting one property often precludes another. Multi-Context TLS (mctls) [SIGCOMM 15] Supports fine-grained data access Prevents legacy support Headers Body vs Headers v1.2
21 Supporting one property often precludes another. BlindBox [SIGCOMM 15] Supports functional crypto (minimal data access) Prevents arbitrary computation Headers Body vs Headers Arbitrary vs Limited
22 There s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.
23 There s a big design space for secure, multi-entity communication protocols There is no one-size-fits-all solution. Supporting one property often precludes another.
24 Goal: Encryption + Middleboxes 1 2 Design Space mbtls For secure, multi-entity communication protocols A deployable protocol for outsourced middleboxes.
25 mbtls targets two commoncase, real-world needs 1 Immediate deployability Interoperate with one legacy endpoint 2 Protection for outsourced middleboxes Protect session data from middlebox infrastructure (in addition to traditional network attackers)
26 mbtls targets two commoncase, real-world needs 2 Outsourced Middlebox Server-Side Proxy Residential ISP Upgraded Server Legacy Clients 1 Legacy Endpoint
27 mbtls targets two commoncase, real-world needs 1 Legacy Endpoint 2 Outsourced Middlebox Upgraded Client Client-Side Proxy Cloud Compute Provider Legacy Servers
28 mbtls targets two commoncase, real-world needs 1 Immediate deployability Interoperate with one legacy endpoint 2 Protection for outsourced middleboxes Protect session data from middlebox infrastructure (in addition to traditional network attackers)
29 2 Protection for outsourced middleboxes Protect session data from middlebox infrastructure (in addition to traditional network attackers) Middlebox Software R/W access Client R/W access Middlebox Infrastructure No access Server R/W access Everyone Else No access
30 mbtls targets two commoncase, real-world needs 1 Immediate deployability Interoperate with one legacy endpoint 2 Protection for outsourced middleboxes Protect session data from middlebox infrastructure (in addition to traditional network attackers)
31 A first approach: pass primary session key over secondary TLS session Primary TLS Connection Supports legacy endpoints Secondary TLS Connection Data and keys visible in RAM
32 An aside: Intel SGX 1 Secure Execution Environment Program code, data, and stack encrypted. 2 Remote Attestation Prove to remote party that 1 is working.
33 A first approach: pass primary session key over secondary TLS session Primary TLS Connection Supports legacy endpoints Secondary TLS Connection Data and keys visible in RAM
34 mbtls protects session data and keys using SGX Primary TLS Connection SGX Enclave TLS Handshake + Attestation Supports legacy endpoints Data and keys encrypted in RAM
35 On-path middleboxes can be discovered on-the-fly ClientHello + MiddleboxSupportExtension ServerHello MiddleboxAnnouncement MbtlsEncap[ ] + MboxHello
36 Per-hop keys provide path integrity and data change secrecy Original session key bridges client- and server-side middleboxes.
37 Evaluation 1 What overheads does mbtls introduce? From SGX? From crypto? 2 Is mbtls immediately deployable? Will existing network devices drop mbtls handshake messages?
38 SGX doesn t have much impact on I/O+compute-intensive workloads 10 8 No Enclave Enclave Throughput (Gbps) K 2K 4K 8K 12K Record Size (Bytes)
39 mbtls adds some handshake CPU overhead on the server Server 1.5 Computation Time (ms) 1.0 TLS (no mbox) mbtls (1 serve mbtls (2 serve mbtls (3 serve TLS mbtls Server mbtls mbtls no mbox 1 mbox 2 mbox 3 mbox
40 mbtls handshake protocol changes are deployable today?? Drop handshake? 6 enterprise networks 34 residential networks 2 mobile networks No handshakes were dropped. 11 university networks 35 colocation networks 1 public network 56 hosting networks 19 data center networks 77 unlabeled networks
41 David Naylor Carnegie Mellon And Then There Were More: Secure Communication for More Than Two Parties Richard Li University of Utah Christos Gkantsidis Microsoft Research Thomas Karagiannis Microsoft Research Peter Steenkiste Carnegie Mellon
mctls: enabling secure in-network functionality in TLS
mctls: enabling secure in-network functionality in TLS David Naylor Kyle Schomp Matteo Varvello Ilias Leontiadis Jeremy Blackburn Diego Lopez Dina Papagiannaki Pablo Rodriguez Rodriguez Peter Steenkiste
More informationEndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution
: Scalable Functions Using -Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rüsch, 1 Manuel Nieke, 1 Sébastien Vaucher, 2 Nico Weichbrodt, 1 Valerio Schiavoni, 2 Pierre-Louis
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationRule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs
Rule based Forwarding (RBF): improving the Internet s flexibility and security Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs Motivation Improve network s flexibility Middlebox support,
More informationA Ten Minute Introduction to Middleboxes. Justine Sherry, UC Berkeley
A Ten Minute Introduction to Middleboxes Justine Sherry, UC Berkeley This Talk: Three Questions! What is a middlebox? What are some recent trends in middlebox engineering? What research challenges do middleboxes
More informationSDN Use-Cases. internet exchange, home networks. TELE4642: Week8. Materials from Prof. Nick Feamster is gratefully acknowledged
SDN Use-Cases internet exchange, home networks TELE4642: Week8 Materials from Prof. Nick Feamster is gratefully acknowledged Overview n SDX: A Software-Defined Internet Exchange n SDN-enabled Home Networks
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationFrom Zero Touch Provisioning to Secure Business Intent
From Zero Touch Provisioning to Secure Business Intent Flexible Orchestration with Silver Peak s EdgeConnect SD-WAN Solution From Zero Touch Provisioning to Secure Business Intent Flexible Orchestration
More informationCloud, SDN and BIGIQ. Philippe Bogaerts Senior Field Systems Engineer
Cloud, SDN and BIGIQ Philippe Bogaerts Senior Field Systems Engineer Virtual Editions TMOS/LTM 12.0 Highlights 1 NIC support Azure Marketplace Kernel Independent driver Enhanced Hypervisor support F5 Networks,
More informationRule-Based Forwarding
Building Extensible Networks with Rule-Based Forwarding Lucian Popa Norbert Egi Sylvia Ratnasamy Ion Stoica UC Berkeley/ICSI Lancaster Univ. Intel Labs Berkeley UC Berkeley Making Internet forwarding flexible
More informationSYMANTEC CONSIDERATIONS ON MIDDLEBOXES
SYMANTEC CONSIDERATIONS ON MIDDLEBOXES 12 th OF JUNE 2018 @ETSI SECURITY WEEK 2018 SYMANTEC AGENDA TODAY 1 2 WHICH MODEL FOR SECURITY AND PRIVACY? IS A CONSENSUS REACHABLE? LET s BE PATIENT ANNEX PRACTICAL
More informationOpenADN: A Case for Open Application Delivery Networking
OpenADN: A Case for Open Application Delivery Networking Subharthi Paul, Raj Jain, Jianli Pan Washington University in Saint Louis {Pauls, jain, jp10}@cse.wustl.edu International Conference on Computer
More informationthis security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities
INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks
More informationHillstone IPSec VPN Solution
1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private
More informationDynamic Network Segmentation
Dynamic Network Segmentation Innovative network security protection to stop cyber attacks and meet compliance. 1 Isolate and flexibly segment your networks Introduction As organizational structures and
More informationMulti-Context TLS (mctls): Enabling Secure In-Network Functionality in TLS
Multi-Context TLS (mctls: Enabling Secure In-Network Functionality in TLS David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez
More informationOverview Content Delivery Computer Networking Lecture 15: The Web Peter Steenkiste. Fall 2016
Overview Content Delivery 15-441 15-441 Computer Networking 15-641 Lecture 15: The Web Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Web Protocol interactions HTTP versions Caching Cookies
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationThe case for ubiquitous transport level encryption. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt all the traffic on the Internet,
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationUnderstanding of basic networking concepts (routing, switching, VLAN, firewall functionality)
Citrix NetScaler for Apps and Desktops Day(s): 5 Course Code: CNS-222 Overview This course is designed specifically for students who have limited or no previous NetScaler experience. The content is based
More informationNetScaler for Apps and Desktops CNS-222; 5 Days; Instructor-led
NetScaler for Apps and Desktops CNS-222; 5 Days; Instructor-led Course Description Designed for students with little or no previous NetScaler, NetScaler Gateway or Unified Gateway experience, this course
More informationRTCWEB Working Group. Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future
RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing dwing@cisco.com IETF83 - March 2012 v2 1 Agenda Scope Upcoming Questions
More informationCSCI-1680 Network Layer:
CSCI-1680 Network Layer: Wrapup Rodrigo Fonseca Based partly on lecture notes by Jennifer Rexford, Rob Sherwood, David Mazières, Phil Levis, John JannoA Administrivia Homework 2 is due tomorrow So we can
More informationThe Security Impact of HTTPS Interception
The Security Impact of HTTPS Interception Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson University of Michigan,
More informationA Policy Framework for a Secure
A Policy Framework for a Secure Future Internet Jad Naous(Stanford University) Arun Seehra(UT Austin) Michael Walfish(UT Austin) David Mazières(Stanford University) Antonio Nicolosi(Stevens Institute of
More informationCisco HyperFlex and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments
OVERVIEW + Cisco and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments KEY BENEFITS Quickly create private clouds Tested with industry-leading BIG-IP ADC platform Easily scale
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationConfiguring F5 for SSL Intercept
Configuring F5 for Welcome to the F5 deployment guide for configuring the BIG-IP system for SSL intercept (formerly called with Air Gap Egress Inspection). This document contains guidance on configuring
More informationIntroduction to SGX (Software Guard Extensions) and SGX Virtualization. Kai Huang, Jun Nakajima (Speaker) July 12, 2017
Introduction to SGX (Software Guard Extensions) and SGX Virtualization Kai Huang, Jun Nakajima (Speaker) July 12, 2017 1 INTEL RESTRICTED SECRET Agenda SGX Introduction Xen SGX Virtualization Support Backup
More informationEmbark: Securely Outsourcing Middleboxes to the Cloud
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationSTORAGE MADE EASY: S3 DRIVE & S3 EXPLORER
SOLUTION GUIDE STORAGE MADE EASY: S3 DRIVE & S3 EXPLORER IBM COS ABOUT STORAGE MADE EASY FILE FABRIC The Storage Made Easy File Fabric enables IT to regain control of "cloud data sprawl" by unifying on-premises
More informationRIGHTNOW A C E
RIGHTNOW A C E 2 0 1 4 2014 Aras 1 A C E 2 0 1 4 Scalability Test Projects Understanding the results 2014 Aras Overview Original Use Case Scalability vs Performance Scale to? Scaling the Database Server
More informationCloudamize Agents FAQ
Cloudamize Agents FAQ Cloudamize is a cloud infrastructure analytics platform that provides data analysis and recommendations to speed and simplify cloud migration and management. Our platform helps you
More informationA Comparison Study of Intel SGX and AMD Memory Encryption Technology
A Comparison Study of Intel SGX and AMD Memory Encryption Technology Saeid Mofrad, Fengwei Zhang Shiyong Lu Wayne State University {saeid.mofrad, Fengwei, Shiyong}@wayne.edu Weidong Shi (Larry) University
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationOptimize and Accelerate Your Mission- Critical Applications across the WAN
BIG IP WAN Optimization Module DATASHEET What s Inside: 1 Key Benefits 2 BIG-IP WAN Optimization Infrastructure 3 Data Optimization Across the WAN 4 TCP Optimization 4 Application Protocol Optimization
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationCourse Objectives In this course, students can expect to learn how to:
CNS-222 Citrix NetScaler Essentials and Unified Gateway The objective of this course is to provide the foundational concepts and teach the skills necessary to deploy, secure and manage a Citrix NetScaler
More informationAuditing IoT Communications with TLS-RaR
Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University Auditing Standard Devices MITM Used for: security
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationNetwork in the Cloud: a Map-and-Encap Approach
Network in the Cloud: a Map-and-Encap Approach Damien Saucez Wassim Haddad Inria Ericsson IEEE CloudNet 12 Enterprise network www ISP1 SOHO ISP2 Internet 2 Enterprise network (contd.) Survey on 57 enterprise
More informationCorente Cloud Services Exchange
Corente Cloud Services Exchange Oracle s Corente Cloud Services Exchange (Corente CSX) is a cloud-based service that enables distributed enterprises to deliver trusted IPSec VPN connectivity services to
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationShare Count Analysis HEADERS
Measuring Network Privacy with It s 11PM. DO YOU KNOW WHERE YOUR Share Count Analysis HEADERS ARE? David Naylor Peter Steenkiste GOAL measure how private a network architecture or protocol is GOAL measure
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationOverview SENTINET 3.1
Overview SENTINET 3.1 Overview 1 Contents Introduction... 2 Customer Benefits... 3 Development and Test... 3 Production and Operations... 4 Architecture... 5 Technology Stack... 7 Features Summary... 7
More informationMigration to IPv6 from IPv4. Is it necessary?
Introduction Today Internet plays a big role in every aspect of our lives and IP acted as an important pillar of Internet. Since its inception the Internet has reached almost all corners of globe and it
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationConfiguring Cisco Mobility Advantage
CHAPTER 46 This chapter describes how to configure the adaptive security appliance for Cisco Unified Communications Mobility Advantage Proxy features. This chapter includes the following sections: Information
More informationORACLE ENTERPRISE COMMUNICATIONS BROKER
ORACLE ENTERPRISE COMMUNICATIONS BROKER A CORE COMMUNICATIONS CONTROLLER KEY FEATURES Centralized dial plan management Centralized session routing and forking Multivendor UC protocol normalization SIP
More informationMiddleboxes in Cellular Networks
Middleboxes in Cellular Networks Szilveszter Nádas, Salvatore Loreto Ericsson Research, Szilveszter.Nadas@ericsson.com, Salvatore.Loreto@ericsson.com November 4, 2014 Abstract This is a position paper
More informationCisco NAC Profiler Architecture Overview
CHAPTER 2 Topics in this chapter include: Overview, page 2-1 Cisco NAC Profiler System Deployment Model, page 2-3 Cisco NAC Profiler Usage: Port Provisioning and Endpoint Directory, page 2-4 Overview Cisco
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationInitial connection setup. Adding subflow setup. Three-way handshake with MP_CAPABLE Exchange 64 bit key(key-a, Key-B)
- 2 - Despite the short history, Multipath TCP(MPTCP) prevails drastically As MPTCP was deployed, security concerns increase There have been multiple attempts at verifications to security of MPTCP Initial
More informationCSE 123A Computer Netwrking
CSE 123A Computer Netwrking Winter 2005 Mobile Networking Alex Snoeren presenting in lieu of Stefan Savage Today s s issues What are implications of hosts that move? Remember routing? It doesn t work anymore
More informationTHE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS
THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS FIDO ALLIANCE WEBINAR MARCH 28, 2017 1 INTRODUCTION TO THE FIDO ALLIANCE ANDREW SHIKIAR SENIOR DIRECTOR OF MARKETING MARCH 28, 2017 2 THE FACTS ON
More informationDYNAMIC SERVICE CHAINING DYSCO WITH. forcing packets through middleboxes for security, optimizing performance, enhancing reachability, etc.
DYNAMIC SERVICE CHAINING WITH DYSCO forcing packets through es for security, optimizing performance, enhancing reachability, etc. Pamela Zave AT&T Labs Research Ronaldo A. Ferreira UFMS, Brazil Xuan Kelvin
More informationLOGICAL ADDRESSING. Faisal Karim Shaikh.
LOGICAL ADDRESSING Faisal Karim Shaikh faisal.shaikh@faculty.muet.edu.pk DEWSNet Group Dependable Embedded Wired/Wireless Networks www.fkshaikh.com/dewsnet IPv4 ADDRESSES An IPv4 address is a 32-bit address
More informationIntel Active Management Technology Overview
Chapter 5 Intel Active Management Technology Overview Management is doing things right; leadership is doing the right things. Peter Drucker (1909 2005) As we discussed in the last chapter, Intel Active
More informationENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution
ENDBOX: Scalable Middlebox Functions Using -Side Trusted Execution David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationSharkFest'17 US. Experience with the expressive Internet Architecture. Peter Steenkiste Carnegie Mellon University
SharkFest'17 US Experience with the expressive Internet Architecture Peter Steenkiste Carnegie Mellon University Dave Andersen, David Eckhardt, Sara Kiesler, Jon Peha, Adrian Perrig, Srini Seshan, Marvin
More informationTALK THUNDER SOFTWARE FOR BARE METAL HIGH-PERFORMANCE SOFTWARE FOR THE MODERN DATA CENTER WITH A10 DATASHEET YOUR CHOICE OF HARDWARE
DATASHEET THUNDER SOFTWARE FOR BARE METAL YOUR CHOICE OF HARDWARE A10 Networks application networking and security solutions for bare metal raise the bar on performance with an industryleading software
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationRethinking Security: The Need For A Security Delivery Platform
Rethinking Security: The Need For A Security Delivery Platform Cybercrime In Asia: A Changing Environment & Shifting Focus Asia, more vulnerable to cybercrime because of diversity and breadth of countries
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationThe Road to a Secure, Compliant Cloud
The Road to a Secure, Compliant Cloud The Road to a Secure, Compliant Cloud Build a trusted infrastructure with a solution stack from Intel, IBM Cloud SoftLayer,* VMware,* and HyTrust Technology innovation
More informationForwarding Architecture
Forwarding Architecture Brighten Godfrey CS 538 February 14 2018 slides 2010-2018 by Brighten Godfrey unless otherwise noted Building a fast router Partridge: 50 Gb/sec router A fast IP router well, fast
More informationTOWARDS USABLE AND FINE-GRAINED SECURITY FOR HTTPS WITH MIDDLEBOXES
TOWARDS USABLE AND FINE-GRAINED SECURITY FOR HTTPS WITH MIDDLEBOXES Abhimanyu Khanna A thesis in The Department of Concordia Institute for Information Systems Engineering Presented in Partial Fulfillment
More informationGraphene-SGX. A Practical Library OS for Unmodified Applications on SGX. Chia-Che Tsai Donald E. Porter Mona Vij
Graphene-SGX A Practical Library OS for Unmodified Applications on SGX Chia-Che Tsai Donald E. Porter Mona Vij Intel SGX: Trusted Execution on Untrusted Hosts Processing Sensitive Data (Ex: Medical Records)
More informationENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM
JOINT SOLUTION BRIEF ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM DIAMANTI PLATFORM AT A GLANCE Modern load balancers which deploy as
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationAWS & Intel: A Partnership Dedicated to fueling your Innovations. Thomas Kellerer BDM CSP, Intel Central Europe
AWS & Intel: A Partnership Dedicated to fueling your Innovations Thomas Kellerer BDM CSP, Intel Central Europe The Digital Service Economy Growth in connected devices enables new business opportunities
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationA Guide to Routers. Connectivity Type. ADSL (Telephone Type)
A Guide to Routers Besides enabling wireless internet connections, routers also keep sensitive data private by safeguarding networks. Wireless routers are increasingly common, even in public spaces. This
More informationSOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD
RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD THE CLOUD MAKES THREAT HUNTING HARDER The explosion in cloud workloads is driving real, substantial business value.
More informationPerformance Study of COPS over TLS and IPsec Secure Session
Performance Study of COPS over TLS and IPsec Secure Session Yijun Zeng and Omar Cherkaoui Université du Québec à Montréal CP. 8888 Suc. A, Montréal yj_zeng@hotmail.com, cherkaoui.omar@uqam.ca Abstract.
More informationHALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.
HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD Automated PCI compliance anytime, anywhere. THE PROBLEM Online commercial transactions will hit an estimated
More informationScaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX
Scaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX Inventing Internet TV Available in more than 190 countries 104+ million subscribers Lots of Streaming == Lots of Traffic
More informationDynamic Source Routing in ad hoc wireless networks
Dynamic Source Routing in ad hoc wireless networks David B. Johnson David A. Maltz Computer Science Department Carnegie Mellon University In Mobile Computing, vol. 353, chapter 5, T. Imielinski and H.
More informationDelivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift. November, 2017
Delivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift November, 2017 Klaus Oxdal Channel Director klaus@nginx.com The Big Shift Architectural Changes: Monolith import myapp.driver
More informationARCHITECTURING AND SECURING IOT PLATFORMS JANKO ISIDOROVIC MAINFLUX
ARCHITECTURING AND SECURING IOT PLATFORMS JANKO ISIDOROVIC CEO @ MAINFLUX Outline Internet of Things (IoT) Common IoT Project challenges - Networking - Power Consumption - Computing Power - Scalability
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationCitrix NetScaler Administration Training
Citrix NetScaler Administration Training Course Duration : 20 Working Days Class Duration : 3 hours per day Fast Track: - Course duration 10days (Per day 8 hours) Get Fee Details Module 1 NetScaler Overview
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationCPS 510 final exam, 4/27/2015
CPS 510 final exam, 4/27/2015 Your name please: This exam has 25 questions worth 12 points each. For each question, please give the best answer you can in a few sentences or bullets using the lingo of
More informationAbout DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios
DPI-SSL About DPI-SSL Configuring Client DPI-SSL Settings Configuring Server DPI-SSL Settings About DPI-SSL About DPI-SSL Functionality Deployment Scenarios Customizing DPI-SSL Connections per Appliance
More informationNGIPS Recommended Practices
F5 Networks, Inc. NGIPS Recommended Practices F5 BIG-IP and Cisco/Sourcefire NGIPS load balancing Matt Quill, Brandon Frelich, and Bob Blair 5/9/2014 This document articulate the details for configuring
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationManagement and Orchestration with F5 BIG-IQ 4.5. Philippe Bogaerts F5 Networks
Management and Orchestration with F5 BIG-IQ 4.5 Philippe Bogaerts F5 Networks F5 Synthesis High-Performance Services Fabric Simplified Business Models F5 Networks, Inc 2 BIG-IQ in the Synthesis Framework
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More information