There is an increasing trend that enterprises outsource their middlebox processing to a cloud for lower cost and easier management. However, outsourcing middleboxes brings threats to the enterprise’s private information, including the traffic and rules of middleboxes, all of which are visible within the cloud. Existing solutions for secure middlebox outsourcing either incur significant performance overhead or do not support incremental updates. In this article, we present a secure and dynamic middlebox outsourcing framework, SICS, short for Secure In-Cloud Service. SICS encrypts each packet header and uses a label for in-cloud rule matching, which enables the cloud to perform its functionalities correctly with minimum header information leakage. Evaluation results show that SICS achieves higher throughput, faster construction and update speed, and lower resource overhead at the enterprise and in the cloud when compared with existing solutions.

中文翻译：

---

SICS：安全，动态的中间盒外包

企业越来越倾向于将中间盒处理外包到云中，以降低成本并简化管理。但是，外包中间盒给企业的私有信息带来威胁，包括中间盒的流量和规则，所有这些信息在云中都是可见的。用于安全中间盒外包的现有解决方案会产生巨大的性能开销，或者不支持增量更新。在本文中，我们提出了一个安全且动态的中间盒外包框架SICS，它是Secure In-Cloud Service的缩写。SICS对每个数据包报头进行加密，并使用标签进行云中规则匹配，从而使云能够以最小的报头信息泄漏正确地执行其功能。评估结果表明，SICS可以实现更高的吞吐量，更快的构建和更新速度，