在BYOD设备的中间箱中选择HTTPS流量操作

2017 IEEE 25th International Conference on Network Protocols (ICNP) Pub Date : 2017-10-01 DOI:10.1109/ICNP.2017.8117557

Xing Liu, Feng Qian, Zhiyun Qian

{"title":"在BYOD设备的中间箱中选择HTTPS流量操作","authors":"Xing Liu, Feng Qian, Zhiyun Qian","doi":"10.1109/ICNP.2017.8117557","DOIUrl":null,"url":null,"abstract":"HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely “blind” to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.","PeriodicalId":6462,"journal":{"name":"2017 IEEE 25th International Conference on Network Protocols (ICNP)","volume":"52 1","pages":"1-10"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Selective HTTPS traffic manipulation at middleboxes for BYOD devices\",\"authors\":\"Xing Liu, Feng Qian, Zhiyun Qian\",\"doi\":\"10.1109/ICNP.2017.8117557\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely “blind” to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.\",\"PeriodicalId\":6462,\"journal\":{\"name\":\"2017 IEEE 25th International Conference on Network Protocols (ICNP)\",\"volume\":\"52 1\",\"pages\":\"1-10\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 25th International Conference on Network Protocols (ICNP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNP.2017.8117557\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 25th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP.2017.8117557","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

HTTPS已经成为WWW生态系统的重要组成部分。然而，今天云中的应用层中间层在很大程度上对HTTPS流量“视而不见”。我们提出了一种新的系统基础设施解决方案，称为CloudEye，它允许中间箱有选择地操纵HTTPS流量。CloudEye的一个关键设计理念是对客户端和服务器应用程序隐藏所有的复杂性(因此对它们是透明的)，并由专用的操作系统服务管理与中间件相关的功能。CloudEye控制中间层可以通过HTTPS标签和影子连接等新技术访问哪些信息，而无需更改TLS/SSL或HTTP协议。CloudEye安全且易于使用。我们在Linux/Android上实现了它的原型，并在现成的移动设备和云服务器上展示了它的低开销和丰富的用例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Selective HTTPS traffic manipulation at middleboxes for BYOD devices

HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely “blind” to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE 25th International Conference on Network Protocols (ICNP)

自引率

0.00%

发文量

期刊最新文献

Multi-tier Collaborative Deep Reinforcement Learning for Non-terrestrial Network Empowered Vehicular Connections Message from the General Co-Chairs Algorithm-data driven optimization of adaptive communication networks Planning in compute-aggregate problems as optimization problems on graphs General ternary bit strings on commodity longest-prefix-match infrastructures