TY - GEN
T1 - Selective HTTPS traffic manipulation at middleboxes for BYOD devices
AU - Liu, Xing
AU - Qian, Feng
AU - Qian, Zhiyun
PY - 2017/11/21
Y1 - 2017/11/21
N2 - HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.
AB - HTTPS has become a vital component of the WWW ecosystem. However, today's application-layer middleboxes in the cloud are largely 'blind' to HTTPS traffic. We propose a novel system infrastructural solution, called CloudEye, that allows middleboxes to selectively manipulate HTTPS traffic. A key design philosophy of CloudEye is to hide all the complexity from client and server applications (thus being transparent to them) and to have middlebox-related functions managed by a dedicated OS service. CloudEye provides control of what information the middlebox can access through new techniques such as HTTPS tags and shadow connections, without changing the TLS/SSL or HTTP protocol. CloudEye is secure and easy to use. We implemented its prototype on Linux/Android, and demonstrated its low overhead and rich use cases on off-the-shelf mobile devices and cloud servers.
UR - http://www.scopus.com/inward/record.url?scp=85041418021&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85041418021&partnerID=8YFLogxK
U2 - 10.1109/ICNP.2017.8117557
DO - 10.1109/ICNP.2017.8117557
M3 - Conference contribution
AN - SCOPUS:85041418021
T3 - Proceedings - International Conference on Network Protocols, ICNP
BT - 2017 IEEE 25th International Conference on Network Protocols, ICNP 2017
PB - IEEE Computer Society
T2 - 25th IEEE International Conference on Network Protocols, ICNP 2017
Y2 - 10 October 2017 through 13 October 2017
ER -