Enabling Secure Outsourced Middlebox Services
Abstract
Modern enterprise networks rely heavily on ubiquitous network middleboxes for advanced traffic-processing functions, such as intrusion detection, web application firewalls, and load balancers. Recent advances in software packet processing and virtualization technologies are further pushing forward the paradigm of migrating middleboxes to third-party providers, e.g., clouds and ISPs, as virtualized services, with well-understood benefits of reduced maintenance cost and increased service scalability. Although promising, this new paradigm of middlebox services also raises fundamental security challenges. This is mainly because the network traffic is now redirected to and processed by service providers, which are not necessarily in the same trust domain as the enterprises. In this talk, I will present some of our recent research efforts towards secure outsourced middlebox services. Our first challenge is to ensure that those middleboxes consistently perform network functions as intended. Practical assurance mechanisms have to be designed to ensure that both individual middleboxes and middlebox service chains process packets via the designated functions. As redirecting traffic to service providers would further raise privacy concerns about the unwanted exposure of traffic flows, I will also discuss our initial efforts on privacy-preserving deep packet inspection in outsourced middleboxes. Finally, along these lines, I will talk about some possible future research directions.
Speaker: Dr. Cong WANG
Date & Time: 27 Feb 2017 (Monday) 11:00 - 12:00
Venue: E11-4045 (University of Macau)
Organized by: Department of Computer and Information Science
Biography
Cong Wang has been an Assistant Professor at the Department of Computer Science, City University of Hong Kong, since the Summer of 2012. He received his PhD in Electrical and Computer Engineering from Illinois Institute of Technology, USA, in 2012, and his M.Eng in Communication and Information System in 2007 and B.Eng in Electronic Information Engineering in 2004, both from Wuhan University, China. His current research interests include data and computation outsourcing security in the context of cloud computing, network security in emerging Internet architecture, multimedia security and its applications, and privacy-enhancing technologies in the context of big data and IoT. He has published frequently in peer-reviewed journals and conferences. His H-index is 23, and his total citation count has exceeded 10,000, according to Google Scholar (as of Jan. 2017). He received the President's Awards, City University of Hong Kong in 2016, and the Best Paper Award of IEEE MSN 2015 and CHINACOM 2009. His research has been supported by multiple government research funding agencies, including the National Natural Science Foundation of China, the Hong Kong Research Grants Council, and the Hong Kong Innovation and Technology Commission. He has served as TPC co-chair for a number of IEEE conferences/workshops. He is a member of IEEE and ACM.