Chang Lan: 2016 IoT Workshop


Thursday, April 14, 2016
Location: Fisher Conference Center, Arrillaga Alumni Center

"Embark: Securely Outsourcing Middleboxes to the Cloud"



It is increasingly common for enterprises and other organizations to outsource network processing to the cloud. For example, enterprises may outsource firewalling, caching, and deep packet inspection, just as they outsource compute and storage. However, this poses a threat to enterprise confidentiality because the cloud provider gains access to the organization's traffic.

We design and build Embark, the first system that enables a cloud provider to support middlebox outsourcing while maintaining the client's confidentiality. Embark encrypts the traffic that reaches the cloud and enables the cloud to process the encrypted traffic without decrypting it. Embark supports a wide-range of middleboxes such as firewalls, NATs, web proxies, load balancers, and data exfiltration systems. Our evaluation shows that Embark supports these applications with competitive performance.


Chang Lan is a PhD student in computer science at UC Berkeley, advised by Sylvia Ratnasamy. His research focus on software defined networking and network function virtualization, He also works on data center networking, security, and privacy. He received his B.S. from Tsinghua University in 2013.