{"title":"Selective HTTPS traffic manipulation at middleboxes for BYOD devices","authors":"Xing Liu, Feng Qian, Zhiyun Qian","doi":"10.1109/ICNP.2017.8117557","DOIUrl":null,"url":null,"abstract":"HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely “blind” to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.","PeriodicalId":6462,"journal":{"name":"2017 IEEE 25th International Conference on Network Protocols (ICNP)","volume":"52 1","pages":"1-10"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 25th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP.2017.8117557","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely “blind” to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
