Secure Outsourced Middleboxes

Year: 2018 Version: v1.0


Middleboxes are essential for a wide range of advanced traffic processing in enterprise networks. The trend of deploying middleboxes in public clouds as virtualized services further expands the potential benefits of middleboxes while avoiding local maintenance burdens. Although promising, middlebox outsourcing faces crucial security challenges. Traffic is now redirected to the cloud, where the traffic content and proprietary middlebox rules are exposed. Moreover, these boxes are no longer under the direct control of enterprises, so it is desirable to ensure that they function as intended.

Fig. 1: Cloud Middlebox Service Architecture

  1. How to design a secure middlebox system that performs network functions without revealing either packet payloads or rules?

  2. How to devise practical mechanisms that provide runtime execution assurance of outsourced middleboxes with high confidence?

Fulfilling those requirements will ease enterprises' privacy and security concerns, extend their visibility into remote middleboxes, and promote further adoption of NFV services.


  • Xingliang Yuan, Xinyu Wang, Jianxiong Lin, and Cong Wang, "Privacy-preserving Deep Packet Inspection in Outsourced Middleboxes", In The 35th International Conference on Computer Communications (INFOCOM), San Francisco, USA, 10 - 15 April, 2016.

  • Xingliang Yuan, Huayi Duan, and Cong Wang, "Bringing execution assurances of pattern matching in outsourced middleboxes", In IEEE International Conference on Network Protocols (ICNP), Singapore, 8 - 11 November, 2016.



Huayi Duan
Xingliang Yuan
Cong Wang