Don't Yank My Chain: Auditable NF Service Chaining
暂无分享,去创建一个
Guyue Liu | Vyas Sekar | Justine Sherry | Bryan Parno | Hugo Sadok | Anne Kohlbrenner | Bryan Parno | V. Sekar | Justine Sherry | Hugo Sadok | Guyue Liu | Anne Kohlbrenner
[1] Yajin Zhou,et al. LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed , 2017, CCS.
[2] Minlan Yu,et al. Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags , 2014, NSDI.
[3] Katerina J. Argyraki,et al. A Formally Verified NAT , 2017, SIGCOMM.
[4] Anat Bremler-Barr,et al. OpenBox: A Software-Defined Framework for Developing, Deploying, and Managing Network Functions , 2016, SIGCOMM.
[5] Rebecca Steinert,et al. Metron: NFV Service Chains at the True Speed of the Underlying Hardware , 2018, NSDI.
[6] Christof Fetzer,et al. ShieldBox: Secure Middleboxes using Shielded Execution , 2018, SOSR.
[7] Katerina J. Argyraki,et al. Verifying Reachability in Networks with Mutable Datapaths , 2016, NSDI.
[8] George Varghese,et al. Usenix Association 10th Usenix Symposium on Networked Systems Design and Implementation (nsdi '13) 99 Real Time Network Policy Checking Using Header Space Analysis , 2022 .
[9] Xin Zhang,et al. Secure and Scalable Fault Localization under Dynamic Traffic Patterns , 2012, 2012 IEEE Symposium on Security and Privacy.
[10] Srinivas Devadas,et al. Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..
[11] Vyas Sekar,et al. Verifiable network function outsourcing: requirements, challenges, and roadmap , 2013, HotMiddlebox '13.
[12] Sylvia Ratnasamy,et al. SafeBricks: Shielding Network Functions in the Cloud , 2018, NSDI.
[13] Katerina J. Argyraki,et al. Retroactive Packet Sampling for Traffic Receipts , 2019, Proc. ACM Meas. Anal. Comput. Syst..
[14] David M. Eyers,et al. SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.
[15] Dongsu Han,et al. SGX-Box: Enabling Visibility on Encrypted Traffic using a Secure Middlebox Module , 2017, APNet.
[16] Andrew Ferraiuolo,et al. Komodo: Using verification to disentangle secure-enclave hardware from software , 2017, SOSP.
[17] K. K. Ramakrishnan,et al. OpenNetVM: A Platform for High Performance Network Service Chains , 2016, HotMiddlebox@SIGCOMM.
[18] Gorka Irazoqui Apecechea,et al. CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.
[19] Mihir Bellare,et al. Entity Authentication and Key Distribution , 1993, CRYPTO.
[20] Katerina J. Argyraki,et al. Software dataplane verification , 2014, NSDI.
[21] Adrian Perrig,et al. EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet , 2020, USENIX Security Symposium.
[22] Christos Gkantsidis,et al. And Then There Were More: Secure Communication for More Than Two Parties , 2017, CoNEXT.
[23] Andrew Warfield,et al. Split/Merge: System Support for Elastic Execution in Virtual Middleboxes , 2013, NSDI.
[24] Nikhil Swamy,et al. EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider , 2020, 2020 IEEE Symposium on Security and Privacy (SP).
[25] Marcus Peinado,et al. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.
[26] Tianlong Yu,et al. BUZZ: Testing Context-Dependent Policies in Stateful Networks , 2016, NSDI.
[27] K. K. Ramakrishnan,et al. Microboxes: high performance NFV with customizable, asynchronous TCP stacks and dynamic subscriptions , 2018, SIGCOMM.
[28] Aditya Akella,et al. Automated Verification of Customizable Middlebox Properties with Gravel , 2020, NSDI.
[29] Xin Zhang,et al. Packet-dropping adversary identification for data plane security , 2008, CoNEXT '08.
[30] Carlos Pignataro,et al. Network Service Header (NSH) , 2018, RFC.
[31] Joint Task Force Transformation Initiative,et al. Security and Privacy Controls for Federal Information Systems and Organizations , 2013 .
[32] Roberto Bifulco,et al. ClickOS and the Art of Network Function Virtualization , 2014, NSDI.
[33] Sujata Garera,et al. Challenges in teaching a graduate course in applied cryptography , 2009, SGCS.
[34] Andreas Haeberlen,et al. NetReview: Detecting When Interdomain Routing Goes Wrong , 2009, NSDI.
[35] Katerina J. Argyraki,et al. Verifiable network-performance measurements , 2010, CoNEXT.
[36] D. McGrew,et al. The Galois/Counter Mode of Operation (GCM) , 2005 .
[37] Thomas F. Wenisch,et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.
[38] Srinivas Devadas,et al. Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.
[39] Yih-Chun Hu,et al. Mechanized Network Origin and Path Authenticity Proofs , 2014, CCS.
[40] Johannes Götzfried,et al. Cache Attacks on Intel SGX , 2017, EUROSEC.
[41] Scott Shenker,et al. NetBricks: Taking the V out of NFV , 2016, OSDI.
[42] Xin Zhang,et al. Network fault localization with small TCB , 2011, 2011 19th IEEE International Conference on Network Protocols.
[43] Yuan Xiao,et al. SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.
[44] Hani Jamjoom,et al. Stateless Network Functions , 2015, HotMiddlebox@SIGCOMM.
[45] Minlan Yu,et al. SIMPLE-fying middlebox policy enforcement using SDN , 2013, SIGCOMM.
[46] Michael Walfish,et al. Verifying and enforcing network paths with icing , 2011, CoNEXT '11.
[47] Brighten Godfrey,et al. Debugging the data plane with anteater , 2011, SIGCOMM.
[48] Limin Jia,et al. NetSMC: A Custom Symbolic Model Checker for Stateful Network Verification , 2020, NSDI.
[49] Brighten Godfrey,et al. VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.
[50] Hugo Krawczyk,et al. Keying Hash Functions for Message Authentication , 1996, CRYPTO.
[51] Mohan Kumar,et al. S-NFV: Securing NFV states by using SGX , 2016, SDN-NFV@CODASPY.
[52] Vyas Sekar,et al. Making middleboxes someone else's problem: network processing as a cloud service , 2012, SIGCOMM '12.
[53] Galen C. Hunt,et al. Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.
[54] David A. McGrew. Efficient authentication of large, dynamic data sets using Galois/counter mode (GCM) , 2005, Third IEEE International Security in Storage Workshop (SISW'05).
[55] Katerina J. Argyraki,et al. RouteBricks: exploiting parallelism to scale software routers , 2009, SOSP '09.
[56] Daniel Raumer,et al. MoonGen: A Scriptable High-Speed Packet Generator , 2014, Internet Measurement Conference.
[57] Andreas Haeberlen,et al. PeerReview: practical accountability for distributed systems , 2007, SOSP.
[58] Xin Zhang,et al. ShortMAC: Efficient Data-Plane Fault Localization , 2012, NDSS.
[59] Xin Liu,et al. Passport: Secure and Adoptable Source Authentication , 2008, NSDI.
[60] Vyas Sekar,et al. Design and Implementation of a Consolidated Middlebox Architecture , 2012, NSDI.
[61] Srdjan Capkun,et al. Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.
[62] George Candea,et al. Verifying software network functions with no verification expertise , 2019, SOSP.
[63] Scott Shenker,et al. E2: a framework for NFV applications , 2015, SOSP.
[64] Victor Shoup,et al. Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..