Outsourcing network processing to the cloud is becoming increasingly common in enterprises and organizations. However, such outsourcing poses threats to the privacy and integrity of the traffic as well as the integrity of the computation. How can we protect the security of middleboxes from a cloud attacker?
Our study of the security leakage in this space reveals that all prior systems suffer from significant leakage of information. Moreover, the functionality of prior work is also restricted, not supporting some common middleboxes. To address these shortcomings, we design and build a new system, SafeBricks, that enables outsourcing general-purpose middleboxes while providing much stronger security guarantees. SafeBricks supports full middlebox functionality, and its performance overheads are low.