SplitBox: Toward efficient private network function virtualization

Authors

Hassan Asghar, Luca Melis, Cyril Soldani, Emiliano De Cristofaro, Dali Kaafar and Laurent Mathy

Data61, CSIRO

University College London

University of Liege, Belgium

University College London

Abstract

This paper presents SplitBox, an efficient system for privacy-preserving processing of network functions that are outsourced as software processes to the cloud. Specifically, cloud providers processing the network functions do not learn the network policies instructing how the functions are to be processed. First, we propose an abstract model of a generic network function based on match-action pairs. We assume that this function is processed in a distributed manner by multiple honest-but-curious cloud service providers. Then, we introduce our SplitBox system for private network function virtualization and present a proof-of-concept implementation on FastClick, an extension of the Click modular router, using a firewall as a use case. Our experimental results achieve a throughput of over 2 Gbps with 1 kB-sized packets on average, traversing up to 60 firewall rules.

BibTeX Entry

  @inproceedings{Asghar_MSCKM_16,
    author           = {Asghar, Hassan and Melis, Luca and Soldani, Cyril and De Cristofaro, Emiliano and Kaafar, Dali and
                        Mathy, Laurent},
    month            = aug,
    year             = {2016},
    title            = {{SplitBox}: Toward Efficient Private Network Function Virtualization},
    booktitle        = {ACM SIGCOMM Workshop on Hot Topics in Middleboxes and Network Function Virtualization, HotMiddleBox
                        2016},
    pages            = {7-13},
    address          = {Florianopolis, Brazil}
  }
